General

  • Target

    a450ff04738b7f724773521dc5d2438b34c59f84bdefc635b19fb4f44a5bb9ed

  • Size

    683KB

  • Sample

    241109-y1mv3a1fkj

  • MD5

    d50da7e96004ec74573f2b97bd1318ef

  • SHA1

    966d13a6aa7e6a0a1639c9fe82da11b7face1482

  • SHA256

    a450ff04738b7f724773521dc5d2438b34c59f84bdefc635b19fb4f44a5bb9ed

  • SHA512

    33316ee43c4a886ff8735fc38fcb9315a405c3182030c9c63c22c7b8ab0fe29e1fc655f0a17d8bf7feadd621ca62b40b7f295a0549329f5bed261f6e44b75d25

  • SSDEEP

    12288:GMrmy90+E3LdOenoSEPIFchr2WG5do0RXOtO8+pCZYkS4YW2lBN:8yM3JOenoSEOm5Gno0OtrqvklCN

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks