General

  • Target

    de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922

  • Size

    674KB

  • Sample

    241109-xpqxxazfnn

  • MD5

    7593ac1fed1571b56f227fbd6a655564

  • SHA1

    7dd4a9cb30122e4a10acd2189ed5be8429f58c17

  • SHA256

    de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922

  • SHA512

    e18d4122f111630c5e8071670163b92b4529ee7625e2d7cbefed220eaa63d216aa5c5cc986217e3d38107e5292b5d774c531632806f53d7aecbef599816e1f32

  • SSDEEP

    12288:tMroy90msh/8vjW9eCm3PodWdPHMro3xZ9uHuXP42wHRyk57Xnd:1ykh0vq5p4dPHMc8242wR

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922

    • Size

      674KB

    • MD5

      7593ac1fed1571b56f227fbd6a655564

    • SHA1

      7dd4a9cb30122e4a10acd2189ed5be8429f58c17

    • SHA256

      de9819e0e36e8433957a62851be27657fc3e9092bd7814012a3bd7a3d812d922

    • SHA512

      e18d4122f111630c5e8071670163b92b4529ee7625e2d7cbefed220eaa63d216aa5c5cc986217e3d38107e5292b5d774c531632806f53d7aecbef599816e1f32

    • SSDEEP

      12288:tMroy90msh/8vjW9eCm3PodWdPHMro3xZ9uHuXP42wHRyk57Xnd:1ykh0vq5p4dPHMc8242wR

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks