General

  • Target: d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860
  • Size: 1.0MB
  • Sample: 241109-x6bvba1ala
  • MD5: ff6631e4c2c32e21dccf8cfa39d237a9
  • SHA1: 9e10d1be346a0273ed54b1508c8c7e8cdf1374f4
  • SHA256: d3cf18bfea629d131c786987d3a6f28217456d323c1be465c7d2e3367a71a860
  • SHA512: 80c2e75ab00d700dcec22310b76b9055b5cd3c259a68e35ea458b22d4a17ac9023582227e391bf7274ad0e6bdd44d89321c22bd8a2590cc19ebf17ecf79739e4
  • SSDEEP: 24576:KyVXUsgnwVfe2ngi1fsrSC/wIWGW27cKnhv94cy:RdVf/gM0+C/wIa+hv9T

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
      ◦ auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15