General

  • Target

    b0600ac6c8dfbf80304661271530fee1d19bda29b03b05a4eb88845b5ff2548f

  • Size

    670KB

  • Sample

    241109-fsntaa1lgl

  • MD5

    ff36442303a8588e807189f07893c500

  • SHA1

    34484a6e87792c376e028d59f8f41f7ddee02482

  • SHA256

    b0600ac6c8dfbf80304661271530fee1d19bda29b03b05a4eb88845b5ff2548f

  • SHA512

    96448bfae2f0e00af906fa5b448b927e196125a415d343bac48b0552bfdb579a7b57fc30d4fbe9201e18bff5ca71dde2b513be62406417dc4b8e2c2726b25454

  • SSDEEP

    12288:VMrSy90CFLiTbl9i2EW31U9TK7jka+7rHhYYMcRgxcpDzj3U4mbT/W:ny/+lIW31OLtPhYqRfpDf3ebDW

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4
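The config and hash values above are only useful once they are turned into checks. The following Python is an added example, not code from the sandbox report or from RedLine itself: it hashes files with the same three digests the report lists, matches on the SHA-256, and scans netflow-style lines for connections to the extracted C2 socket. The flow-line format and the four sample flows are constructed for illustration; the disk sweep is a hypothetical helper.

```python
"""Turn the extracted RedLine config and file hashes into concrete checks.

Added example, not from the sandbox report or the RedLine family. The flow
line format, SAMPLE_FLOWS and find_sample_on_disk are constructed/hypothetical.
"""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "ff36442303a8588e807189f07893c500",
    "sha1": "34484a6e87792c376e028d59f8f41f7ddee02482",
    "sha256": "b0600ac6c8dfbf80304661271530fee1d19bda29b03b05a4eb88845b5ff2548f",
}
C2_HOST = "176.113.115.145"
C2_PORT = 4125

# Constructed netflow-style lines (hypothetical format: ts src -> dst proto bytes).
SAMPLE_FLOWS = """\
2024-11-09T14:02:11Z 10.0.0.5:49712 -> 176.113.115.145:4125 TCP 1340
2024-11-09T14:02:12Z 10.0.0.5:49713 -> 176.113.115.145:443 TCP 220
2024-11-09T14:02:13Z 10.0.0.7:51000 -> 93.184.216.34:80 TCP 512
2024-11-09T14:02:14Z 10.0.0.9:50211 -> 176.113.115.145:4125 TCP 2048
""".splitlines()

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def hash_bytes(data):
    """Digest a blob with the three hashes the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path):
    """Streamed version of hash_bytes so large files do not need to fit in memory."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_sample(digests):
    """Match on SHA-256; MD5/SHA-1 are kept only to cross-check feeds still keyed on them."""
    return digests["sha256"] == SAMPLE_HASHES["sha256"]


def find_sample_on_disk(root):
    """Hypothetical sweep: paths under root whose SHA-256 equals the sample's."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            try:
                if is_sample(hash_file(p)):
                    hits.append(str(p))
            except OSError:
                continue
    return hits


def find_c2_flows(lines, host=C2_HOST, port=C2_PORT):
    """Return (ts, src) for every flow to the exact C2 socket from the config.

    The port is part of the match on purpose: matching the host alone would
    also flag the 443 flow in SAMPLE_FLOWS, which nothing in the report ties to
    RedLine.
    """
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if m and m["dst"] == host and int(m["dport"]) == port:
            hits.append((m["ts"], f"{m['src']}:{m['sport']}"))
    return hits


if __name__ == "__main__":
    for ts, src in find_c2_flows(SAMPLE_FLOWS):
        print(f"{ts} {src} contacted RedLine C2 {C2_HOST}:{C2_PORT}")
```

The `auth_value` and botnet tag are not matched here; they only appear inside the bot's own traffic and config, so they are useful for clustering samples, not for network or disk detection.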

Targets

    • Target

      b0600ac6c8dfbf80304661271530fee1d19bda29b03b05a4eb88845b5ff2548f

    • Size

      670KB

    • MD5

      ff36442303a8588e807189f07893c500

    • SHA1

      34484a6e87792c376e028d59f8f41f7ddee02482

    • SHA256

      b0600ac6c8dfbf80304661271530fee1d19bda29b03b05a4eb88845b5ff2548f

    • SHA512

      96448bfae2f0e00af906fa5b448b927e196125a415d343bac48b0552bfdb579a7b57fc30d4fbe9201e18bff5ca71dde2b513be62406417dc4b8e2c2726b25454

    • SSDEEP

      12288:VMrSy90CFLiTbl9i2EW31U9TK7jka+7rHhYYMcRgxcpDzj3U4mbT/W:ny/+lIW31OLtPhYqRfpDf3ebDW

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
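The signatures above describe host behaviour rather than file content, so they are best reproduced from endpoint telemetry. The following Python is an added example, not from the sandbox or from the Healer/RedLine code: it walks a list of events in a hypothetical Sysmon-like shape (event id 11 file created, 1 process created, 13 registry value set) and emits one finding per signature-style match. The events are constructed; the Defender policy value names are the real `Real-Time Protection` policy values, while mapping `DisableAntiSpyware` to the "Windows security modification" signature is an assumption about what that signature covers.

```python
"""Flag the behaviours named in the report's signatures from endpoint events.

Added example, not from the sandbox or from Healer/RedLine. SAMPLE_EVENTS are
constructed; the (event_id, image, fields) shape is a hypothetical Sysmon-like
layout, so adapt the field names to your own telemetry.
"""
import re

# Policy key Healer-style droppers write to switch Defender features off.
DEFENDER_POLICY = r"hklm\software\policies\microsoft\windows defender"
RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableioavprotection", "disableonaccessprotection",
    "disablescanonrealtimeenable",
}
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.I)

# Constructed events: (event_id, image, fields). 11 = file created,
# 1 = process created, 13 = registry value set (Sysmon numbering).
SAMPLE_EVENTS = [
    (11, r"C:\Users\u\Desktop\loader.exe",
     {"TargetFilename": r"C:\Users\u\AppData\Local\Temp\healer.exe"}),
    (1, r"C:\Users\u\AppData\Local\Temp\healer.exe",
     {"ParentImage": r"C:\Users\u\Desktop\loader.exe"}),
    (13, r"C:\Users\u\AppData\Local\Temp\healer.exe",
     {"TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
      "Details": "DWORD (0x00000001)"}),
    (13, r"C:\Users\u\AppData\Local\Temp\healer.exe",
     {"TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
      "Details": "DWORD (0x00000001)"}),
    (13, r"C:\Users\u\AppData\Local\Temp\stealer.exe",
     {"TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
      "Details": r"C:\Users\u\AppData\Roaming\updater.exe"}),
    # Benign Run entry pointing into System32: must not be flagged.
    (13, r"C:\Windows\System32\svchost.exe",
     {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
      "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"}),
]


def split_key(target):
    """Split 'HIVE\\path\\ValueName' into (key, value_name), both lower-cased."""
    key, _, value = target.rpartition("\\")
    return key.lower(), value.lower()


def analyse(events):
    """Return (signature, image, detail) findings, one per matching event, in order."""
    findings = []
    dropped = set()  # files written during this trace, keyed by lower-cased path
    for eid, image, f in events:
        if eid == 11:
            dropped.add(f["TargetFilename"].lower())
        elif eid == 1 and image.lower() in dropped:
            findings.append(("Executes dropped EXE", f["ParentImage"], image))
        elif eid == 13:
            key, value = split_key(f["TargetObject"])
            enabled = f["Details"].endswith("(0x00000001)")  # DWORD set to 1
            if key == DEFENDER_POLICY + r"\real-time protection" and value in RTP_VALUES and enabled:
                findings.append(("Modifies Windows Defender Real-time Protection settings", image, value))
            elif key == DEFENDER_POLICY and value == "disableantispyware" and enabled:
                # Assumption: this is one of the values the signature covers.
                findings.append(("Windows security modification", image, value))
            elif RUN_KEY_RE.search(key) and USER_WRITABLE_RE.search(f["Details"]):
                # Run entries pointing at user-writable paths are the ones worth raising.
                findings.append(("Adds Run key to start application", image, f["Details"]))
    return findings


if __name__ == "__main__":
    for sig, image, detail in analyse(SAMPLE_EVENTS):
        print(f"{sig}: {image} -> {detail}")
```

Checking `Details` for a value of 1 matters: the same key being reset to 0 by Group Policy or by Defender itself is not tampering and would otherwise produce noise.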

MITRE ATT&CK Enterprise v15

Tasks