General

  • Target

    45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976

  • Size

    532KB

  • Sample

    241109-xntx6ssqcr

  • MD5

    a04c579bc5492febe3897c44a38b8048

  • SHA1

    6f25df42e4c833c04aedecd4c9e1175792fe6f0b

  • SHA256

    45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976

  • SHA512

    b3673543d73f2b4f2c732301a7f54e3bfbe972c70ef2411a2ca8f29536ccacfe13b0e0832b750af3c78188c8508eac6e9e00b62a24c9575773ad5138bbc703c3

  • SSDEEP

    12288:MMr1y90gAha2rnX60kfvYRliaOiakpnS2QhSedLVElQ:ZyL0r60k3yRDAPVGQ

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976

    • Size

      532KB

    • MD5

      a04c579bc5492febe3897c44a38b8048

    • SHA1

      6f25df42e4c833c04aedecd4c9e1175792fe6f0b

    • SHA256

      45b72d5db935dd78581fbc773a04a1321b266f40a9f5d30cd4ac13c292807976

    • SHA512

      b3673543d73f2b4f2c732301a7f54e3bfbe972c70ef2411a2ca8f29536ccacfe13b0e0832b750af3c78188c8508eac6e9e00b62a24c9575773ad5138bbc703c3

    • SSDEEP

      12288:MMr1y90gAha2rnX60kfvYRliaOiakpnS2QhSedLVElQ:ZyL0r60k3yRDAPVGQ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks