General

  • Target

    b16c46cabcb6f0cb7405e9d3f73443cf492d6cdae7f79c09523ae42848ae1a1a

  • Size

    662KB

  • Sample

    241109-fyegssxpbw

  • MD5

    dc383621d93bc65beccb8f3f07556e22

  • SHA1

    74ca929c085daac4dcbdac0dd4c96e56f3d3fe98

  • SHA256

    b16c46cabcb6f0cb7405e9d3f73443cf492d6cdae7f79c09523ae42848ae1a1a

  • SHA512

    588a028562fe3bacb47b2e83734e7268b7c42a9720dff8af682b8d7d27a6f23b42bf6a649fb6d0ca266f74c418c01662994ed465d1786716827054da56b3b46f

  • SSDEEP

    12288:oMrsy907QW9fdJvBWLEifJyyJBp/2s3BaSgd2qjjdTHgT+vwyQzKx:UyfW9fzBWLyysBSgd2qjJTATpTzC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks