General

  • Target

    7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5

  • Size

    522KB

  • Sample

    241109-fn7qlayare

  • MD5

    e46732f3180a6884445b74e62e2ed80a

  • SHA1

    fd60474323dda461d2a01b2cf77abc30412a00e9

  • SHA256

    7df950a2c40ec9c514a539e575a51616152b553b6e83c05ebc5c5103a4561ec5

  • SHA512

    383e3882337b6254160f03b7d7d9fc66715ef9d7e5ff570a2a6904a97d02c4930ea22e496772b9c4b104d362b3ee4902300b2f6447944419a5a34a1f03299134

  • SSDEEP

    12288:rMrVy90QdsLDWMiQo/5L3iFqfsQt2upxIfafZk4:iyWrkSFq3vxI6K4

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks