General

  • Target

    2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6

  • Size

    521KB

  • Sample

    241110-a53kbawbmj

  • MD5

    45b17a0b6307a6f94d7e829a52f2865a

  • SHA1

    2bd6cbea5732767d0b4fc41dc37d7a622323c2e7

  • SHA256

    2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6

  • SHA512

    d51fbefabbe09adccafc4874e35d83f657d2ed23ecc107cb023081075d50f9208cdea292207cd05046aea2a76f5296a3c0e28d13f2e78414c87cbc53ca900aeb

  • SSDEEP

    12288:zMrvy90UHls0tZjE876YE40lmXmgbTOEGszsZJDi7X:oyq0njErKmwTOEGsY4

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6

    • Size

      521KB

    • MD5

      45b17a0b6307a6f94d7e829a52f2865a

    • SHA1

      2bd6cbea5732767d0b4fc41dc37d7a622323c2e7

    • SHA256

      2ca65d3ff2ff9b97e621a5dd1c5b7ffb7e4021ce78b85cdb9da81a37382444d6

    • SHA512

      d51fbefabbe09adccafc4874e35d83f657d2ed23ecc107cb023081075d50f9208cdea292207cd05046aea2a76f5296a3c0e28d13f2e78414c87cbc53ca900aeb

    • SSDEEP

      12288:zMrvy90UHls0tZjE876YE40lmXmgbTOEGszsZJDi7X:oyq0njErKmwTOEGsY4

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks