General

  • Target

    59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec

  • Size

    671KB

  • Sample

    241109-xvmgnssrdn

  • MD5

    e327c30a1d4f9dae9fc0ac68fd2bdacf

  • SHA1

    9a3667fe108eb65e421c97c035f80b209ba71a50

  • SHA256

    59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec

  • SHA512

    d7ad9d2a62167f8b1f2bebfd29c143d54af09df333ed41f52bb6b69c03f2f8886e0f8a8f934d4f9ac21354edf3293af0fd0981d61a5b57a1d7a708a3948d018d

  • SSDEEP

    12288:IMrKy90e6wVLOua73ILEdTKrhbMPiag5Gz/ibH5BC3:Syb6GCutGCbMPdBjiC3

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec

    • Size

      671KB

    • MD5

      e327c30a1d4f9dae9fc0ac68fd2bdacf

    • SHA1

      9a3667fe108eb65e421c97c035f80b209ba71a50

    • SHA256

      59e62f07be7f334cc4e3189234b63107323067e00abefffd05b0bf68f26180ec

    • SHA512

      d7ad9d2a62167f8b1f2bebfd29c143d54af09df333ed41f52bb6b69c03f2f8886e0f8a8f934d4f9ac21354edf3293af0fd0981d61a5b57a1d7a708a3948d018d

    • SSDEEP

      12288:IMrKy90e6wVLOua73ILEdTKrhbMPiag5Gz/ibH5BC3:Syb6GCutGCbMPdBjiC3

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks