General

  • Target: 1a0257c30d749e80a4a8d4545ac2c74d0f74c2d7c012813b83d89f924e3d53ea
  • Size: 538KB
  • Sample: 241109-gtccbasjfp
  • MD5: ec6d06c0c3128572c51d9cd366ff58b4
  • SHA1: fb67e4e0d5058edeeb5d3ad4ea3ce686a1e79ed8
  • SHA256: 1a0257c30d749e80a4a8d4545ac2c74d0f74c2d7c012813b83d89f924e3d53ea
  • SHA512: d315bf48186a312183c20375a72a3b123e121759fd939bf99d8a153c4093a42c5909be1440eec9b5fa9862ed715dafc8b258f5897ca82a998aa2c9effb6baeb9
  • SSDEEP: 12288:aMrky905/aw6hxN6OvNBrrxTRaSnjPNbjRn7x7xTC:myu/4hxAqfLaSjPN/Rn7TW

Malware Config

Extracted

  • Family: redline
  • Botnet: rosto
  • C2: hueref.eu:4162
  • Attributes
    • auth_value: 07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks