General

  • Target

    6f0540dddd4b9c4980c24218a04a59d975050778255f7c43aebd0b14024a5354

  • Size

    559KB

  • Sample

    241109-fycyzaycnp

  • MD5

    0adf6cdfa53400d4ddad9088ec6936f3

  • SHA1

    c81d1b43b1b4c857badf600b2363ec546c7737f3

  • SHA256

    6f0540dddd4b9c4980c24218a04a59d975050778255f7c43aebd0b14024a5354

  • SHA512

    da4f4860293ecff62b3583aa44e9766872f16764b78b4480cad3930e01b3654d90eddb93b4e31a1b79202fd31b789cf11b14ef7b44ef794bd1b4b94f25de31b0

  • SSDEEP

    12288:5MrMy90KcjXq89cyNaJrdIsoLIu3NbcR03qfCg41Y:Jy9c/cfuNIu3NbYfCg4+

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      6f0540dddd4b9c4980c24218a04a59d975050778255f7c43aebd0b14024a5354

    • Size

      559KB

    • MD5

      0adf6cdfa53400d4ddad9088ec6936f3

    • SHA1

      c81d1b43b1b4c857badf600b2363ec546c7737f3

    • SHA256

      6f0540dddd4b9c4980c24218a04a59d975050778255f7c43aebd0b14024a5354

    • SHA512

      da4f4860293ecff62b3583aa44e9766872f16764b78b4480cad3930e01b3654d90eddb93b4e31a1b79202fd31b789cf11b14ef7b44ef794bd1b4b94f25de31b0

    • SSDEEP

      12288:5MrMy90KcjXq89cyNaJrdIsoLIu3NbcR03qfCg41Y:Jy9c/cfuNIu3NbYfCg4+

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15