General

  • Target

    0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df

  • Size

    659KB

  • Sample

    241109-ftd1gaybpg

  • MD5

    b0e0b04878906b432a1d801c3995dca4

  • SHA1

    ce67621f5d0d5753f6a77ea3feb5a266a34ade41

  • SHA256

    0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df

  • SHA512

    a6587f1caee7519da41f63ae8d4ce06c00a1c737182c1dca6358641a7557380b89625175c3d1cfeab709fe0143c13e6922de00b4a586c96e8be6d7bfd7b4e351

  • SSDEEP

    12288:cMrwy90ADY+pFVdWLi803N7ZAsVYyiwjU10Df5KVa/ImAeTB0t7d:syDjpvw03N7ZACYsjU1QAFmAeT+X

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
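The extracted config (C2 176.113.115.145:4125) and the behavioural signatures above (known sample executed, Windows Defender Real-time Protection disabled, Run key added) can be turned directly into a hunt. The following is an added example, not part of the sandbox report or its tooling: a small Python scanner that applies those indicators to newline-delimited, Sysmon-shaped events (EventID 1 process create, 3 network connect, 13 registry value set). The sample events are constructed, and the registry value names under the Real-Time Protection key are assumed standard locations, since the report names the behaviour but not the exact values the sample touched.

```python
import json
import re
from dataclasses import dataclass

# Indicators lifted from the report above.
SAMPLE_SHA256 = "0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df"
SAMPLE_MD5 = "b0e0b04878906b432a1d801c3995dca4"
C2_IP, C2_PORT = "176.113.115.145", 4125

# Registry locations behind the behavioural signatures. Assumption: the report
# names the behaviours, not the exact keys and value names, so these are the
# standard locations a hunter would check (compared case-insensitively).
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)
DEFENDER_RTP_KEY = r"\policies\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableioavprotection", "disableonaccessprotection",
    "disablescanonrealtimeenable",
}


@dataclass
class Finding:
    rule: str
    severity: str      # "high" or "medium"
    event_index: int   # 0-based position in the input
    detail: str


def _parse_hashes(field: str) -> dict:
    """Turn a Sysmon-style 'SHA256=..,MD5=..' field into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def _dword(details: str):
    """Extract the integer from a Sysmon 'DWORD (0x00000001)' Details field, or None."""
    m = re.search(r"0x([0-9a-f]+)", details, re.I)
    return int(m.group(1), 16) if m else None


def scan_event(idx: int, ev: dict) -> list:
    """Apply the report's indicators to one event and return any findings."""
    findings = []
    eid = ev.get("EventID")

    if eid == 1:    # process creation: the sample itself or a dropped copy of it
        h = _parse_hashes(ev.get("Hashes", ""))
        if h.get("SHA256") == SAMPLE_SHA256 or h.get("MD5") == SAMPLE_MD5:
            findings.append(Finding("known_sample_executed", "high", idx, ev.get("Image", "")))

    elif eid == 3:  # network connection: extracted C2 host and port
        if ev.get("DestinationIp") == C2_IP:
            port = int(ev.get("DestinationPort", -1))
            sev = "high" if port == C2_PORT else "medium"   # same host, other port
            findings.append(Finding("redline_c2_contact", sev, idx, f"{C2_IP}:{port}"))

    elif eid == 13:  # registry value set: Defender tampering and Run-key persistence
        key, _, value_name = ev.get("TargetObject", "").rpartition("\\")
        key_l, value_l = key.lower(), value_name.lower()
        if key_l.endswith(DEFENDER_RTP_KEY) and value_l in DEFENDER_RTP_VALUES:
            if _dword(ev.get("Details", "")):   # only a non-zero value disables the feature
                findings.append(Finding("defender_rtp_disabled", "high", idx, value_name))
        elif key_l.endswith(RUN_KEY_SUFFIXES):
            findings.append(Finding("run_key_persistence", "medium", idx,
                                    f"{value_name} -> {ev.get('Details', '')}"))
    return findings


def scan_events(jsonl: str) -> list:
    """Scan newline-delimited JSON events; returns findings in input order."""
    findings = []
    for idx, line in enumerate(l for l in jsonl.splitlines() if l.strip()):
        findings.extend(scan_event(idx, json.loads(line)))
    return findings


# Constructed events for demonstration (not real telemetry). Paths and the
# "Updater" value name are invented; hashes and C2 endpoint come from the report.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe", "Hashes": "SHA256=0be1ae324b30c6fab509468df5b31d7e844d89cacd141afc98e138b5ac0489df,MD5=b0e0b04878906b432a1d801c3995dca4"}
{"EventID": 13, "ProcessId": 4120, "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "ProcessId": 4120, "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\victim\\AppData\\Roaming\\svc.exe"}
{"EventID": 3, "ProcessId": 4120, "DestinationIp": "176.113.115.145", "DestinationPort": 4125}
{"EventID": 3, "ProcessId": 4120, "DestinationIp": "176.113.115.145", "DestinationPort": 443}
{"EventID": 1, "ProcessId": 5200, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "SHA256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}
{"EventID": 13, "ProcessId": 5300, "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"}
"""

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.severity:6}] #{f.event_index} {f.rule}: {f.detail}")
```

Two choices matter in practice: a connection to the C2 host on a port other than 4125 is reported at lower confidence rather than dropped, because RedLine operators rotate ports on the same host, and a Defender value written as 0 is not flagged, since that is what a remediation or Group Policy refresh writes back.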
