General

  • Target

    433dd540a887e3ab167a0da46d758ab22908d93639f512765dcdda29e2a9f116

  • Size

    696KB

  • Sample

    241109-fplvhsxmfv

  • MD5

    9b286c4b26f2ef0c0ee67f22e18bbc28

  • SHA1

    d1c0c997b8bccddd79a4724966c40a170f202d33

  • SHA256

    433dd540a887e3ab167a0da46d758ab22908d93639f512765dcdda29e2a9f116

  • SHA512

    7d75dfc5e7edfe36335d47196093676cdee3dc4d6086347ab157173801b01302d92812fda58bafaf1893b84f08e7e243aafb1e627226aa83b0a707fdd6de7be5

  • SSDEEP

    12288:IMrny904QjF/6Mruxa6YqZZhrp/YHx83qEOd4QL6FSGjmAxI9gssGGY9T+x4X:/yNQdWo6YqZHMxh9HGjbI9v5fT+yX

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      433dd540a887e3ab167a0da46d758ab22908d93639f512765dcdda29e2a9f116

    • Size

      696KB

    • MD5

      9b286c4b26f2ef0c0ee67f22e18bbc28

    • SHA1

      d1c0c997b8bccddd79a4724966c40a170f202d33

    • SHA256

      433dd540a887e3ab167a0da46d758ab22908d93639f512765dcdda29e2a9f116

    • SHA512

      7d75dfc5e7edfe36335d47196093676cdee3dc4d6086347ab157173801b01302d92812fda58bafaf1893b84f08e7e243aafb1e627226aa83b0a707fdd6de7be5

    • SSDEEP

      12288:IMrny904QjF/6Mruxa6YqZZhrp/YHx83qEOd4QL6FSGjmAxI9gssGGY9T+x4X:/yNQdWo6YqZHMxh9HGjbI9v5fT+yX

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks