General

  • Target

    c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8

  • Size

    549KB

  • Sample

    241109-zce1zs1hqf

  • MD5

    7f6005bed0e9651a48b22a7113078da0

  • SHA1

    4989fdb09699a686756fed67cb257b4041c8d032

  • SHA256

    c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8

  • SHA512

    0d4da37bbb6838a6fc4230b24c005cc3578cd63e44dc29336a9ccc18a7fa93656344fb960799dd59ce8a5e85fce77f668650f25eca26ac1e3afd138cf99390bd

  • SSDEEP

    12288:nMrry90k44sZGMVqAUsaWwR/xcbGtRdcYPUn:wyX44sHNaWwR/zSYPUn

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Target

      c786f987716c2d2a459108b59d43b1abc2b0f13fc3fdc3ea57cf34d6fa9674d8

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks