General

  • Target

    be69eaa7e9da3dde60dfab96d8b5dc4897b41c75165c7da592a27bcc224601bc

  • Size

    659KB

  • Sample

    241109-gnvxgasjam

  • MD5

    7e30ec989c7b1067e278e08e52b67808

  • SHA1

    a6f2b84d73834075bc526cbc04ed6fc02fef6d9d

  • SHA256

    be69eaa7e9da3dde60dfab96d8b5dc4897b41c75165c7da592a27bcc224601bc

  • SHA512

    288513b0b88a29add2d80a66b637563e798a1e57f0069ecc146b9267a3ef36f9fe9185a3c9e8fc5f0bf41ca2557fd0ad4874bdda21a6394c05171250f2ea7ff0

  • SSDEEP

    12288:UMrdy90Qgd2sLdJb2ZQGr2O/TLUJW6TVvguOKDzklnwfoio6HwADEibTAiOLfm:JyvGLDi/XsxVIaDzInM4IbTAiv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosto

  • C2

    hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks