General

  • Target

    11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85

  • Size

    534KB

  • Sample

    241109-xtzevasrdj

  • MD5

    e8959889ad58bae6eb7da88fb4d51d69

  • SHA1

    7188ade935156067c55b45486bd3d8f634963ddc

  • SHA256

    11fea0c2360e9014835416aa712d1ebced210d3284188df2c36a1db31d766a85

  • SHA512

    7bbb3fb357429bba3eda0c198f3f5435ec4fbd3b9dfd017c05c792f2fd485c7115741a656d56b77554f59595389694fabeee0ae8ba670d71e3b0dc3e6e144df0

  • SSDEEP

    12288:eMrZy90/ukj833Bbvw9Z6HZkzabOWwj9fnA6Cr215WS:ryx33BbjkzSOPj9fira5WS

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    • auth_value

      050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks