General

  • Target

    20e42276afb573b021773b7a8aadcfa10e897d3963c3804f7ace8978dfc2a240

  • Size

    660KB

  • Sample

    241110-as8wkavhml

  • MD5

    3824f9652102574416595038b2889e50

  • SHA1

    86f8791e9590d6c3f6deff65bc446d4f44c0706a

  • SHA256

    20e42276afb573b021773b7a8aadcfa10e897d3963c3804f7ace8978dfc2a240

  • SHA512

    302ed08e6c351e0c62eafe5474dff06dae7b95b96440881bfd76b3e44bd3f7fe66df984eb0668fad121c8e3ad65cefebecd1c359b222154b13173581d8b315ec

  • SSDEEP

    12288:AMrMy90+4t2IJ+dKeRwWxIlquTf5Pzk9H8k4z6PbTmcFQMP2Tfug:8y6t2HTIlqi57k9H8k4z6PbThZUfug

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks