General

  • Target

    95ea20acb162f6fd3eaf5fdcfb1c30d5121ace8ff4dd58fcc552bf25c3990ed4

  • Size

    659KB

  • Sample

    241109-y8y83a1hke

  • MD5

    4b3f8dd4ce5359cd45ddd345c7f79385

  • SHA1

    2c9e2dd366e0a9ce2b9bd3ebc6a6b072afa1a231

  • SHA256

    95ea20acb162f6fd3eaf5fdcfb1c30d5121ace8ff4dd58fcc552bf25c3990ed4

  • SHA512

    d74038f15cfd8dc27be4ffaf8482a3e3c6d1556ffccf4df447ea3283d84ee4f5c15578bc11bce4c7aa021a2a3ffa485ff6d4222687b8b282803b18225d60204e

  • SSDEEP

    12288:jMrdy90NtjKwvsEWrsP2RgUJW6TUvgRyuOoDdklnwfoioyhwAEEifTMqBMsT0x:SyWo1E/P2msxU4A4DdInMijfT9SsTu

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
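The behaviours listed above (Defender real-time protection tampering, Run-key persistence, and the RedLine C2 from the extracted config) can be turned into a small host-side check. The script below is an added example and is not code from the sandbox or from this report: it evaluates constructed Sysmon-style events (Event ID 13 registry value set, Event ID 3 network connection) against those behaviours. The registry paths are the real Windows Defender policy and Run-key locations, but which exact Defender values the sample changed is not stated on the page, so the value set checked here is an assumption; the event lines and the key=value layout are constructed for the example.

```python
"""Triage constructed Sysmon-style events against the behaviours reported above.

Added example, not code from the report. Event lines are constructed to
resemble Sysmon Event ID 13 (registry value set) and Event ID 3 (network
connection) records flattened to 'key=value; key=value'.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# IOCs taken from the extracted RedLine config on this page.
C2_HOST = "hueref.eu"
C2_PORT = 4162

# Real policy key behind "Modifies Windows Defender Real-time Protection settings".
DEFENDER_RTP_KEY = r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
# Assumption: which of these DWORD values the sample flips is not on the page;
# these are the common real-time protection policy values.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Real Run / RunOnce autostart locations under HKLM and per-user hives.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    event: dict


def parse_kv_line(line: str) -> dict:
    """Parse a constructed 'key=value; key=value' event line into a dict."""
    out = {}
    for part in line.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip()] = v.strip()
    return out


def check_event(ev: dict) -> list:
    """Return the report behaviours that a single event matches."""
    findings = []
    if ev.get("EventID") == "13":
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        if DEFENDER_RTP_KEY.lower() in target.lower():
            name = target.rsplit("\\", 1)[-1]
            # Only a value set to 1 disables protection; 0 re-enables it.
            if name in DEFENDER_RTP_VALUES and details.upper().startswith("DWORD (0X00000001)"):
                findings.append(Finding("Modifies Windows Defender Real-time Protection settings", ev))
        if RUN_KEY_RE.search(target):
            findings.append(Finding("Adds Run key to start application", ev))
    elif ev.get("EventID") == "3":
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort") or 0)
        if host == C2_HOST and port == C2_PORT:
            findings.append(Finding("RedLine C2 connection (hueref.eu:4162)", ev))
    return findings


def triage(lines) -> list:
    """Run check_event over every constructed event line and collect findings."""
    results = []
    for line in lines:
        results.extend(check_event(parse_kv_line(line)))
    return results


# Constructed sample events: three that should fire, two that should not.
SAMPLE_EVENTS = [
    r"EventID=13; Image=C:\Users\user\AppData\Local\Temp\a.exe; "
    r"TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring; "
    r"Details=DWORD (0x00000001)",
    r"EventID=13; Image=C:\Users\user\AppData\Local\Temp\a.exe; "
    r"TargetObject=HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater; "
    r"Details=C:\Users\user\AppData\Roaming\updater.exe",
    r"EventID=3; Image=C:\Users\user\AppData\Roaming\updater.exe; "
    r"DestinationHostname=hueref.eu; DestinationPort=4162",
    # Re-enabling real-time protection is not tampering.
    r"EventID=13; Image=C:\Windows\System32\gpupdate.exe; "
    r"TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring; "
    r"Details=DWORD (0x00000000)",
    r"EventID=3; Image=C:\Program Files\Mozilla Firefox\firefox.exe; "
    r"DestinationHostname=example.com; DestinationPort=443",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.rule}: {f.event.get('Image')} -> {f.event.get('TargetObject') or f.event.get('DestinationHostname')}")
```

The Defender check deliberately requires the value to be set to 1, so a policy refresh that writes 0 is not reported; the Run-key check fires on any write under Run or RunOnce, so in practice it is paired with the writing image (here the dropped executable) to cut noise from installers.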

MITRE ATT&CK Enterprise v15

Tasks