General

  • Target

    9fd4094014c87896b17d25156683597a8503c7feafebda449c0c2ea57f490436

  • Size

    658KB

  • Sample

    241110-b1pckazkam

  • MD5

    5df6f93afdca1024c56539bd5952cef3

  • SHA1

    347466577e5d68183ac375f6d754b2120830130b

  • SHA256

    9fd4094014c87896b17d25156683597a8503c7feafebda449c0c2ea57f490436

  • SHA512

    459ede848df1a574a48d72f0a25fd86ab96d4b387b161294c9777e22ddffaa06c659f6fd1a206af95267e69c90b438a938637f3996c37356d70cc98803283588

  • SSDEEP

    12288:HMr6y90JGwJRIl9rhCzzn+IY65x30FhlRMolm2VHpxXQ:py8dHYRh4z+IYIx30FNm2VHpi

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks