General

  • Target

    293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b

  • Size

    663KB

  • Sample

    241109-fqcy1aybkf

  • MD5

    ea646b4237b247721cc397ff4062ac5d

  • SHA1

    888eff0a049ec68e2ac2a601d3289cd96aba6e75

  • SHA256

    293c7419343e6ed4440a63aca7e2e268718d9462547c4461b0840af433abd84b

  • SHA512

    81777b9d0849b1d270ee625f7e3bf890ced25cac99145440f5672bf1f1be3a56cf1ce2edbac87cfb78dbcac099cae6f319587e84f8b96bbccdcf566f055fab21

  • SSDEEP

    12288:NMr8y90X80AgZS7zwSDprl72vkEuZMrFm2qE70um62u8Xo:VycybfVrhKoaxm2qE70s2uN

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
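The signatures listed above (Windows Defender real-time protection tampering, a Run key added for persistence, a dropped EXE executed) together with the extracted C2 endpoint translate directly into host telemetry checks. The following is an added example, not part of the sandbox report and not code from the sample: it scans Sysmon events exported as JSON lines and flags the three behaviours. The event records are constructed for illustration, not captured from this run; the registry paths are the documented Defender policy values and the standard Run/RunOnce keys; the event IDs and field names (13 = registry value set, 3 = network connection, `TargetObject`, `Details`, `DestinationIp`) are Sysmon's own.

```python
"""Check Sysmon JSON-lines telemetry for the behaviours in this report.

Added example; not the sandbox's or the sample's code. Sample events are
constructed inline, not from the sandbox run.
"""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Indicators taken from the report's extracted RedLine config.
C2_IP, C2_PORT = "176.113.115.145", 4125

# Defender real-time protection values a disabler dropper flips to 1.
# Matches both the policy key (HKLM\SOFTWARE\Policies\...) and the
# product key (HKLM\SOFTWARE\Microsoft\...), since only the tail differs.
DEFENDER_RTP_PATH = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableIOAVProtection|DisableOnAccessProtection)$",
    re.IGNORECASE,
)
# Per-user and machine Run/RunOnce autostart keys.
RUN_KEY_PATH = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)


@dataclass
class Hit:
    rule: str
    event_id: int
    image: str
    detail: str


def classify(event: dict) -> Optional[Hit]:
    """Return a Hit when a single Sysmon event matches one report signature."""
    eid = int(event.get("EventID", 0))
    image = event.get("Image", "")
    if eid == 13:  # RegistryEvent (Value Set)
        target = event.get("TargetObject", "")
        details = str(event.get("Details", ""))
        # Sysmon renders DWORD data as "DWORD (0x00000001)".
        if DEFENDER_RTP_PATH.search(target) and "0x00000001" in details:
            return Hit("defender_rtp_disabled", eid, image, target)
        if RUN_KEY_PATH.search(target):
            return Hit("run_key_persistence", eid, image, f"{target} = {details}")
    elif eid == 3:  # NetworkConnect
        if (event.get("DestinationIp") == C2_IP
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            return Hit("redline_c2_connect", eid, image, f"{C2_IP}:{C2_PORT}")
    return None


def scan(events_jsonl: str) -> List[Hit]:
    """Scan newline-delimited JSON Sysmon events; malformed lines are skipped."""
    hits = []
    for line in events_jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        hit = classify(event)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed sample telemetry (not from the sandbox run): the dropper
# disables Defender, installs a Run key, and the dropped EXE calls the C2;
# a process-create and a DNS lookup are included as non-matching noise.
DROPPER = "C:\\Users\\victim\\AppData\\Local\\Temp\\1.exe"
DROPPED = "C:\\Users\\victim\\AppData\\Roaming\\svc.exe"
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
                     "\\Real-Time Protection\\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": DROPPED, "ParentImage": DROPPER},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows"
                     "\\CurrentVersion\\Run\\svc",
     "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": C2_IP, "DestinationPort": "4125"},
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
])

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"[{h.rule}] event {h.event_id} by {h.image}: {h.detail}")
```

The Defender check keys off the registry write itself; if the dropper turns real-time protection off through `Set-MpPreference` or `MpCmdRun`, the same value still changes, but on hosts where Tamper Protection is enabled the write is rejected and you should look for the failed attempt in the Defender operational log instead. The Run key check deliberately flags every value set, so expect installer noise; filter on the writing `Image` or on data pointing into user-writable paths before alerting.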

MITRE ATT&CK Enterprise v15

Tasks