General

  • Target

    011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e

  • Size

    538KB

  • Sample

    241109-x5ql3s1aka

  • MD5

    927a0d979a2295f3be5e33b81ab6cc8a

  • SHA1

    9d01a4a3f62e1c184e5c1e246cf78d0bd183a20e

  • SHA256

    011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e

  • SHA512

    4301630d5be18545dcf82e94fbfe0b8fec00f445b83f88823eb05476ae47061bdab6a6788e90967e05d7f7bff0168148ed42268a16376e6c01489bec00fa277c

  • SSDEEP

    12288:4Mrby90giSpxtvc3T+vjgy2WbqhPaScjPN8RRBvw6nwk4tRin:DybLpxtw+vbbwaSYPNQRBvw6nwkign

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6
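
The extracted configuration above gives a responder two kinds of indicators: file hashes for the dropper and a C2 endpoint (hueref.eu, TCP 4162). The following Python is an added example, not part of the sandbox report, showing how to turn those indicators into a hash check and a network-log sweep. The log lines are constructed for illustration; the IOC values are copied from the report, while the log format, field names and `c2_hits` return shape are this example's own assumptions.

```python
import hashlib
import re

# Indicators copied from the report above (RedLine, botnet "rosto").
IOC_HASHES = {
    "md5": "927a0d979a2295f3be5e33b81ab6cc8a",
    "sha1": "9d01a4a3f62e1c184e5c1e246cf78d0bd183a20e",
    "sha256": "011901ee22eac3555088469a7c2806ac96746eac05cb9d8f0c5aba83e396596e",
}
C2_HOST = "hueref.eu"
C2_PORT = 4162


def digest_bytes(data):
    """MD5/SHA1/SHA256 of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file on disk in chunks so large files are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_hash_algorithms(digests):
    """Names of the algorithms whose digest equals the report's IOC (any one is a hit)."""
    return sorted(name for name, value in digests.items()
                  if IOC_HASHES.get(name) == value.lower())


# Constructed proxy/firewall log lines (assumed format); not taken from the report.
SAMPLE_NETLOG = """\
2024-11-09T10:02:11Z allow src=10.0.0.5:49712 dst=52.2.3.4:443 host=update.example.net
2024-11-09T10:02:15Z allow src=10.0.0.5:49720 dst=hueref.eu:4162 host=hueref.eu
2024-11-09T10:02:16Z deny  src=10.0.0.7:50001 dst=hueref.eu:443 host=hueref.eu
"""

_DST_RE = re.compile(r"\bdst=(?P<host>[^:\s]+):(?P<port>\d+)")


def c2_hits(log_text, host=C2_HOST, port=C2_PORT):
    """Return (line_no, port_matches) for each line whose destination is the C2 host.

    Matching on the host alone catches retries on other ports; the report only
    names TCP 4162, so whether the port matched is reported separately."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = _DST_RE.search(line)
        if m and m.group("host").lower() == host.lower():
            hits.append((n, int(m.group("port")) == port))
    return hits


if __name__ == "__main__":
    print("hash hit:", matched_hash_algorithms(digest_bytes(b"not the sample")))
    print("c2 hits:", c2_hits(SAMPLE_NETLOG))
```

Hash matching is exact, so it only finds this build of the dropper; the SSDEEP value in the report is what you would use for near-duplicate matching (it needs a third-party ssdeep binding, which is why it is left out here). The C2 check matches on the domain rather than an IP because the report records only the hostname.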

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
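
Two of the behaviours flagged above, tampering with Windows Defender real-time protection and adding a Run key, leave registry writes that endpoint telemetry records. The following Python is an added example, not part of the sandbox report, that runs that detection logic over Sysmon-style "registry value set" events (Event ID 13). The event lines are constructed for illustration and the key=value layout is an assumption of this example; the Defender "Real-Time Protection" value names and the CurrentVersion\Run key are standard Windows locations.

```python
import re

# Defender real-time protection values that droppers set to 1 to disable a feature.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
# Both the policy key (HKLM\SOFTWARE\Policies\...) and the product key
# (HKLM\SOFTWARE\Microsoft\...) end with this path.
DEFENDER_KEY_SUFFIX = r"\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEY_SUFFIX = r"\Microsoft\Windows\CurrentVersion\Run"

# Constructed Sysmon Event ID 13 lines (assumed key=value layout); not from the report.
SAMPLE_EVENTS = r"""
EventID=13 Image=C:\Users\bob\AppData\Local\Temp\dropper.exe TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring Details=DWORD (0x00000001)
EventID=13 Image=C:\Windows\System32\svchost.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring Details=DWORD (0x00000000)
EventID=13 Image=C:\Users\bob\AppData\Local\Temp\dropper.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\bob\AppData\Roaming\updater.exe
EventID=13 Image=C:\Program Files\Vendor\setup.exe TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Cleanup Details=C:\Program Files\Vendor\cleanup.exe
EventID=1 Image=C:\Users\bob\AppData\Roaming\updater.exe CommandLine=updater.exe
"""

# key=value pairs whose values may contain spaces; a new pair starts at " Word=".
_FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Split one key=value line into a dict."""
    return {k: v for k, v in _FIELD_RE.findall(line)}


def classify(event):
    """Detection tags for one parsed event; an empty list means nothing flagged."""
    if event.get("EventID") != "13":
        return []
    key, _, value_name = event.get("TargetObject", "").rpartition("\\")
    key = key.lower()
    details = event.get("Details", "")
    tags = []
    if key.endswith(DEFENDER_KEY_SUFFIX.lower()) and value_name in DEFENDER_RTP_VALUES:
        # Only a value of 1 disables protection; a write of 0 is a restore, not tampering.
        if details.endswith("(0x00000001)"):
            tags.append("defender_rtp_disabled")
    if key.endswith(RUN_KEY_SUFFIX.lower()):
        tags.append("run_key_persistence")
    return tags


def scan(log_text):
    """Return (line_no, writing image, tags) for every flagged event."""
    hits = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        event = parse_event(line)
        tags = classify(event)
        if tags:
            hits.append((n, event.get("Image", ""), tags))
    return hits


if __name__ == "__main__":
    for line_no, image, tags in scan(SAMPLE_EVENTS):
        print(f"line {line_no}: {image} -> {', '.join(tags)}")
```

The Run-key rule will also fire on legitimate installers, so in practice you would pair it with the writing process (here a binary under the user's Temp directory) or with the Defender tampering seen from the same image moments earlier, which is the combination this sample exhibits.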

MITRE ATT&CK Enterprise v15