General

  • Target

    33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa

  • Size

    678KB

  • Sample

    241109-fs3mfaxnb1

  • MD5

    6e4a450b1b7dbcfa44c24291ee9f5144

  • SHA1

    f1a2827b0b0cd0aaeb3147d1bf9c00bbbcb904f7

  • SHA256

    33e8c4342843c8ec98beee3eae67dd93c47222be73fd9dd2355e0cb5b2eabbaa

  • SHA512

    2196f1a70a7f94f30848257ca51f7311945a8190c578ec9405a4fe2a0a1a3187655347d48dd4e6dbc3a1e679f69dbe74336554367327f31352d42b93e0552d24

  • SSDEEP

    12288:5Mrmy90hHkUEgMZtPH6OqaDFZnUvW0+44XKZQdAJtmEXken7Rxc7ljw1/:7y7rtNK+ZaZVbXflx+jw1/

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
