General

  • Target

    2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f

  • Size

    660KB

  • Sample

    241109-y89d2a1hjk

  • MD5

    4d276b26a2e28b25a5ea4400b26f3523

  • SHA1

    14a6d5a3e1486d5fb2282da88d7c8b31af20f2a1

  • SHA256

    2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f

  • SHA512

    93570edf9ec226650931b01652c76d329f3765c6b915db361fb78586fbd6f5c2a753b64ab67328181708e967b34d15fb6bed45e41b299f160d1e5bcfae22a933

  • SSDEEP

    12288:IMrMy90N64KkGg96i2+MsNyTX2tXWiof5KRa/jm9UvVnEam9Cu:EyyK66i2+de2MjA+m9U9nEamcu

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f

    • Size

      660KB

    • MD5

      4d276b26a2e28b25a5ea4400b26f3523

    • SHA1

      14a6d5a3e1486d5fb2282da88d7c8b31af20f2a1

    • SHA256

      2fe8c625782b5730f678e42930b5495c9c256d18cb5b4ef57422831eb30dac5f

    • SHA512

      93570edf9ec226650931b01652c76d329f3765c6b915db361fb78586fbd6f5c2a753b64ab67328181708e967b34d15fb6bed45e41b299f160d1e5bcfae22a933

    • SSDEEP

      12288:IMrMy90N64KkGg96i2+MsNyTX2tXWiof5KRa/jm9UvVnEam9Cu:EyyK66i2+de2MjA+m9U9nEamcu

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks