General

  • Target

    a22f2285933dd12ba8fa2a52a52d0812ff8ec500a31cefe9a8d6f875e7b065bc

  • Size

    561KB

  • Sample

    241109-x5ff4szlcs

  • MD5

    7e9ecc44e5d31efa97a5245c6dcd7e57

  • SHA1

    ecbeac4618207328a10043fb67a889dda166fb7d

  • SHA256

    a22f2285933dd12ba8fa2a52a52d0812ff8ec500a31cefe9a8d6f875e7b065bc

  • SHA512

    b9785b632840109fd1002170ab707ecc5ad70da75ffd5c1ee6445385a58f193335911b935a29965c57a73f3d3296c36e3c894deb3ba20402583328b6600c72d1

  • SSDEEP

    12288:wMruy90pGU9kWnejkvBEbnp/7LRj77paggdMjpN/Chjzz5piMifn6:OyoZgp/PRj77BgdMjpN/Aj35pf

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      a22f2285933dd12ba8fa2a52a52d0812ff8ec500a31cefe9a8d6f875e7b065bc

    • Size

      561KB

    • MD5

      7e9ecc44e5d31efa97a5245c6dcd7e57

    • SHA1

      ecbeac4618207328a10043fb67a889dda166fb7d

    • SHA256

      a22f2285933dd12ba8fa2a52a52d0812ff8ec500a31cefe9a8d6f875e7b065bc

    • SHA512

      b9785b632840109fd1002170ab707ecc5ad70da75ffd5c1ee6445385a58f193335911b935a29965c57a73f3d3296c36e3c894deb3ba20402583328b6600c72d1

    • SSDEEP

      12288:wMruy90pGU9kWnejkvBEbnp/7LRj77paggdMjpN/Chjzz5piMifn6:OyoZgp/PRj77BgdMjpN/Aj35pf

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks