General

  • Target

    47f1394626d9044a973796aa8887541b8edf10835d9c73ec89219bae32301ef1

  • Size

    677KB

  • Sample

    241109-flrlla1kfl

  • MD5

    637f15f7a9f568094f4858c2d61d83b6

  • SHA1

    b8aa7f4e34319cc04959ada9012cf6ae5fd06e41

  • SHA256

    47f1394626d9044a973796aa8887541b8edf10835d9c73ec89219bae32301ef1

  • SHA512

    b82e2b27d68b3a8c1d7dab8ddcedf006265221f69aa05914c613eae3c86da4d829a470dbf2b8e1eae4c7383bea39b8ee5cb67439edf15a8b91c6a1923337b317

  • SSDEEP

    12288:WMrey90v3kBCX3BsVzOW1Lo2zOXdArvBJrLgJRwOSH7fm2AeZBSwd:Ey03kBCXxPyLzlLTHOwDHboeZBd

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      47f1394626d9044a973796aa8887541b8edf10835d9c73ec89219bae32301ef1

    • Size

      677KB

    • MD5

      637f15f7a9f568094f4858c2d61d83b6

    • SHA1

      b8aa7f4e34319cc04959ada9012cf6ae5fd06e41

    • SHA256

      47f1394626d9044a973796aa8887541b8edf10835d9c73ec89219bae32301ef1

    • SHA512

      b82e2b27d68b3a8c1d7dab8ddcedf006265221f69aa05914c613eae3c86da4d829a470dbf2b8e1eae4c7383bea39b8ee5cb67439edf15a8b91c6a1923337b317

    • SSDEEP

      12288:WMrey90v3kBCX3BsVzOW1Lo2zOXdArvBJrLgJRwOSH7fm2AeZBSwd:Ey03kBCXxPyLzlLTHOwDHboeZBd

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks