General

  • Target

    423aa49976e54373d51fad87301175c71a78d5a0f19c2cc48ad0961c58b5d594.exe

  • Size

    537KB

  • Sample

    241110-288dhszqdk

  • MD5

    168d2f2e703d193ad4cf613e0964ca93

  • SHA1

    58d90f61601865433a5635ab8f450207fc9c5efb

  • SHA256

    423aa49976e54373d51fad87301175c71a78d5a0f19c2cc48ad0961c58b5d594

  • SHA512

    8fcc67ade91a0807caa3737f79ed4d15a645e77191c1e7c84da96af09820c384cfc32bf8f62d4e036bb7aaa8af3bd480cdb20ca626041943c6d5cbad84464437

  • SSDEEP

    12288:cMr+y90y8mD657s0nTcgfKGz+96rU/8H1wBnm6M0IasXdwPGi:Ky3Z657d7CsXrNVwd6boGi

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks