General

  • Target

    d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459

  • Size

    522KB

  • Sample

    241110-aqrjhawakh

  • MD5

    478b690181fbde242c33a756f038aa84

  • SHA1

    07010290d31072a020bcbee14b558e50f28da995

  • SHA256

    d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459

  • SHA512

    d13bd13192fb02f48a68954ba81e7e24d59dd5337518e3280295c2338dd6470dfff07c53a40f96bb25f89d422c883bd084cfd12c8e2837f0a85651731304220d

  • SSDEEP

    12288:gMrby90YNfztMFMxs8PMYCrUDkTh8a5mjfmQF:LyngYsA+3+mQF

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459

    • Size

      522KB

    • MD5

      478b690181fbde242c33a756f038aa84

    • SHA1

      07010290d31072a020bcbee14b558e50f28da995

    • SHA256

      d938f3997858e8c77deac9c047864363545235a6346a8246672992b89b561459

    • SHA512

      d13bd13192fb02f48a68954ba81e7e24d59dd5337518e3280295c2338dd6470dfff07c53a40f96bb25f89d422c883bd084cfd12c8e2837f0a85651731304220d

    • SSDEEP

      12288:gMrby90YNfztMFMxs8PMYCrUDkTh8a5mjfmQF:LyngYsA+3+mQF

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks