General

  • Target

    8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146

  • Size

    531KB

  • Sample

    241109-y61n4s1gqc

  • MD5

    dd918e46a0e8a386944af728a804cc26

  • SHA1

    4ad084ee5c7255140cf5061eb31fb3d0d21bd384

  • SHA256

    8d5a794500378fc82b2a9fcaeeb9e1d817d96e83823f1e98924d742f7c9c9146

  • SHA512

    430047e2b9ccc6353d83120a2085cbc0be66462aaeaea82bcbe9e429a26d68ebdc5948480b765be8d68961ce1815c7b1436018dac7af25d550e0317daf187f23

  • SSDEEP

    12288:SMrTy90BFBrWuYNy7klnwfocoprw4CyIa4sGxYbkl05l:RyC7Wuay7InMxIb4sTklO

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks