General

  • Target

    20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68

  • Size

    692KB

  • Sample

    241109-y69a9a1gqe

  • MD5

    5eb8cdc8408f2b111c05bacb90d1e2d2

  • SHA1

    479ddbbd7060abecb9d0cfacfa35f0b7fcdb618e

  • SHA256

    20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68

  • SHA512

    33b9aef44b2b59c64c3b85d54e2afb641df2d809826a8a61f5bf2529957f86d41a4de1aff7c5905c654e5067d9f63c960bf4f34b4b82259c64eee45ea1ce72d3

  • SSDEEP

    12288:6Mrky909iVcJUw0rxx7bGTCjiPHoUluaxsHEG6GhBOc:qyofJD0d2f/bKEGbhBH

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Target

      20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68

    • Size

      692KB

    • MD5

      5eb8cdc8408f2b111c05bacb90d1e2d2

    • SHA1

      479ddbbd7060abecb9d0cfacfa35f0b7fcdb618e

    • SHA256

      20032ce90862bead01279fc1cf7fc4791165046b42d38f2d884b9b15c3af0d68

    • SHA512

      33b9aef44b2b59c64c3b85d54e2afb641df2d809826a8a61f5bf2529957f86d41a4de1aff7c5905c654e5067d9f63c960bf4f34b4b82259c64eee45ea1ce72d3

    • SSDEEP

      12288:6Mrky909iVcJUw0rxx7bGTCjiPHoUluaxsHEG6GhBOc:qyofJD0d2f/bKEGbhBH

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks