General

  • Target

    03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421

  • Size

    530KB

  • Sample

    241109-x35cfstkal

  • MD5

    a8c178c910f1bf4476a2dd708996aae5

  • SHA1

    7b3aa3e2d485bcc4c47e4777b0c05d1db62f3128

  • SHA256

    03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421

  • SHA512

    bb976f720d40b2badd3256bdde3c27dc4694db0650dc7c94806c35f46d712c461394377983a338d19068d00e02c50a4516e1d53d32726aaf94bb422690bd1cb2

  • SSDEEP

    12288:nMriy90J2POgcLU4pePlr37cQsy21L0gR2PbdG1+:ZyVvp4g3Hs7ag4O+

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      03e6b7c64aee1ff49f611592e483b8ba1f95d774333850330a67ad1f41def421

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks