General

  • Target

    e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d

  • Size

    529KB

  • Sample

    241109-gs3swayhqk

  • MD5

    8db7077d73099a17b8ba7f6e9af7d018

  • SHA1

    f25a67af6048634a77b163f4d9933c6a394c8f9d

  • SHA256

    e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d

  • SHA512

    8a38d3f3767fe84e7bd2caa4c1bcbc66f9b36697596d455d2b184e7a123d4f10789eb15f5bc957484bcdf183ebc3cfb461f60f6d72e678993856fc320f7a850e

  • SSDEEP

    12288:OMrey906CKGh2o2q7B6FFRueVtOyk4IenTnojj9NKGn:My1CKGMor7YFFowtBxXTnwKGn

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d

    • Size

      529KB

    • MD5

      8db7077d73099a17b8ba7f6e9af7d018

    • SHA1

      f25a67af6048634a77b163f4d9933c6a394c8f9d

    • SHA256

      e6e5e196fbfaa4a85202fb131d63cf1eb879917e3be9d414670d142190b16a6d

    • SHA512

      8a38d3f3767fe84e7bd2caa4c1bcbc66f9b36697596d455d2b184e7a123d4f10789eb15f5bc957484bcdf183ebc3cfb461f60f6d72e678993856fc320f7a850e

    • SSDEEP

      12288:OMrey906CKGh2o2q7B6FFRueVtOyk4IenTnojj9NKGn:My1CKGMor7YFFowtBxXTnwKGn

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks