General

  • Target

    f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b

  • Size

    657KB

  • Sample

    241109-flw63sxmby

  • MD5

    ff39efec3f6cf1a4de50f8e8b7d077c3

  • SHA1

    93ec54ee1d99c9239b0d9241208f69ba2a961383

  • SHA256

    f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b

  • SHA512

    369a5f5809bf1079fa3189966362721d46589a62552335043b15bd82029e1d7df4cccace6da84c4171294296a5cbd7d68218dfac77fea067032b814943720c05

  • SSDEEP

    12288:5Mr+y90XRd3MyRlabwUPlEp//2nv6D2KhuYVs4IVtbTtbpchGd0aQ:7yyKRPlyXw6qKhuyYLCsQ

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b

    • Size

      657KB

    • MD5

      ff39efec3f6cf1a4de50f8e8b7d077c3

    • SHA1

      93ec54ee1d99c9239b0d9241208f69ba2a961383

    • SHA256

      f616c4d5f63c057d7576f834d7afaf81cdd6462565cc75599e9c3868e31d018b

    • SHA512

      369a5f5809bf1079fa3189966362721d46589a62552335043b15bd82029e1d7df4cccace6da84c4171294296a5cbd7d68218dfac77fea067032b814943720c05

    • SSDEEP

      12288:5Mr+y90XRd3MyRlabwUPlEp//2nv6D2KhuYVs4IVtbTtbpchGd0aQ:7yyKRPlyXw6qKhuyYLCsQ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks