General

  • Target

    b39f428dc5debb5866f0012f667a897bc934af264c1462ef2e8bc7d55e54a597

  • Size

    699KB

  • Sample

    241110-aspspawang

  • MD5

    53b297c31aab1be416e15de6deaaf807

  • SHA1

    0fa83ed8451ed9abcb4653e87742cb26b81b4ecf

  • SHA256

    b39f428dc5debb5866f0012f667a897bc934af264c1462ef2e8bc7d55e54a597

  • SHA512

    86b3715958799a9af6f4f1ef665556d62f7b7aa55ca18f31e572514487fa31494e4dfa59c02450f2bfadacfed2509a1af5ba97d92de32d0ae644f2eb0e547423

  • SSDEEP

    12288:iMrpy90FtS2o4r3njYnD9X8H6u2yw4PIFbActKEfUkt6ogZFIQokOAP1EK+m:jyxhicnJTP4OPKEf1fgrfAAPN

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks