General

  • Target

    48cf91839348968cbea5931b826bbbfca04332b9d3d8a5d9b1901ccb0db78e35

  • Size

    658KB

  • Sample

    241109-fqykpsyblh

  • MD5

    45eb59ff359c08f4e433946adc78f386

  • SHA1

    2ee514ebb487bc56ff54dc28e2c59d8a254d4ca4

  • SHA256

    48cf91839348968cbea5931b826bbbfca04332b9d3d8a5d9b1901ccb0db78e35

  • SHA512

    012bca1f7f81843e5d957c9987fb882810083ceae531b3fca54423cf729a18b39280fee4ccb14e0bfbf4c2bd1e2226a3f35713085d558a431b6304b7394b50ee

  • SSDEEP

    12288:aMrQy90oLzjZAL92lZv+SwycUinDNpHQaM4ISLU4DlUuKX14M:GyHvjaL9MZ2EcUinpPLElD

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks