General

  • Target

    a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6N

  • Size

    517KB

  • Sample

    241109-x6xrsa1ama

  • MD5

    b42fa04c57b894e002b47d109e494ac0

  • SHA1

    0a1ff5497047a2e2f641dcb6fb3317803b9347c1

  • SHA256

    a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6

  • SHA512

    d8138261e1979e740f8528f1e71a2709ed348d0f5c4bf7387a789de8c4361ef74b41da5970012cb886fa5abe0a4e8feb05401a9e7fa8ebba4bc18b3e64ac2e00

  • SSDEEP

    12288:NMrxy90crpn9e062gSyy86pgCPGmBKxO9+0xd4t+EUZxXKUV1e:AyR9DB86pg+rEEd4+EUzXLe

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6N

    • Size

      517KB

    • MD5

      b42fa04c57b894e002b47d109e494ac0

    • SHA1

      0a1ff5497047a2e2f641dcb6fb3317803b9347c1

    • SHA256

      a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6

    • SHA512

      d8138261e1979e740f8528f1e71a2709ed348d0f5c4bf7387a789de8c4361ef74b41da5970012cb886fa5abe0a4e8feb05401a9e7fa8ebba4bc18b3e64ac2e00

    • SSDEEP

      12288:NMrxy90crpn9e062gSyy86pgCPGmBKxO9+0xd4t+EUZxXKUV1e:AyR9DB86pg+rEEd4+EUzXLe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
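The indicators above (file hashes, the RedLine C2 endpoint, and the two behaviour signatures for Defender real-time protection tampering and Run-key persistence) are easiest to use as a small hunt over host telemetry. The script below is an added example and is not part of the sandbox report or any tool it references. It assumes a simplified, constructed Sysmon-like event layout, and it assumes that the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" signatures correspond to the standard `Real-Time Protection` policy key and the `CurrentVersion\Run` keys; the event names, field names and sample events are all invented for the example.

```python
"""Hunt for this report's indicators across constructed host telemetry.

Added example, not code from the report. The event schema, the registry
paths behind the two behaviour signatures, and the sample events are
assumptions made for illustration.
"""

# Indicators copied from the report.
SHA256 = "a6aa2791afe666d854348541cf2eb1c36dc4a2e7fe498cee28a6860289d050c6"
MD5 = "b42fa04c57b894e002b47d109e494ac0"
C2_IP, C2_PORT = "176.113.115.145", 4125

# Assumed registry locations matched by the two behaviour signatures.
DEFENDER_RTP = r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)


def classify(event: dict) -> list[str]:
    """Return the indicator tags a single event matches (empty if none)."""
    hits = []
    kind = event.get("type")
    if kind == "process_create":
        # Hash comparison is case-insensitive; sandboxes and EDRs differ here.
        hashes = {h.lower() for h in event.get("hashes", {}).values()}
        if SHA256 in hashes or MD5 in hashes:
            hits.append("sample-hash")
    elif kind == "network_connect":
        # Host-level match is the weaker tier; exact ip:port is the C2 from the config.
        if event.get("dst_ip") == C2_IP:
            hits.append("redline-c2-host")
            if event.get("dst_port") == C2_PORT:
                hits.append("redline-c2")
    elif kind == "registry_set":
        key = str(event.get("key", "")).lower()
        # Any Disable* toggle under the RTP key set to 1 disables a protection.
        if key.startswith(DEFENDER_RTP.lower()) and str(event.get("data")) == "1":
            hits.append("defender-rtp-disabled")
        if any(key == k.lower() for k in RUN_KEYS):
            hits.append("run-key-persistence")
    return hits


def hunt(events: list[dict]) -> dict[str, list[int]]:
    """Aggregate hits across events, keyed by indicator tag -> event ids."""
    findings: dict[str, list[int]] = {}
    for ev in events:
        for tag in classify(ev):
            findings.setdefault(tag, []).append(ev["id"])
    return findings


# Constructed telemetry (not real logs): one event per behaviour plus a
# same-host connection on a different port to show the two match tiers.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process_create", "image": r"C:\Users\u\Downloads\sample.exe",
     "hashes": {"SHA256": SHA256.upper()}},
    {"id": 2, "type": "network_connect", "dst_ip": C2_IP, "dst_port": C2_PORT},
    {"id": 3, "type": "registry_set", "key": DEFENDER_RTP,
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"id": 4, "type": "registry_set", "key": RUN_KEYS[0],
     "value": "Updater", "data": r"C:\Users\u\AppData\Roaming\x.exe"},
    {"id": 5, "type": "network_connect", "dst_ip": C2_IP, "dst_port": 443},
]

if __name__ == "__main__":
    for tag, ids in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{tag:24s} events={ids}")
```

The exact `ip:port` tuple from the extracted config is the high-confidence match; an IP-only hit is reported separately because RedLine operators reuse hosts across ports and campaigns, so it is worth a look but not worth an automatic verdict.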

MITRE ATT&CK Enterprise v15

Tasks