General

  • Target

    9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752

  • Size

    536KB

  • Sample

    241110-b3abeswgpl

  • MD5

    8c5bc31110f153369d841d8c1db415d6

  • SHA1

    0042afb33eaad26f927c726c40176934183d44ee

  • SHA256

    9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752

  • SHA512

    3d51deec1debd3e6422117612eab27060b44a9f04e7160af724d90813a652464fb0858a4060c2f27535a23e473432ea749175f857d9d975ff47d23f24036716a

  • SSDEEP

    12288:sMrpy90aOFcgvzSJh5c7aXikNCzM3GAAe/Qq:Ny3g6O7aJNCyAe/Qq

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752

    • Size

      536KB

    • MD5

      8c5bc31110f153369d841d8c1db415d6

    • SHA1

      0042afb33eaad26f927c726c40176934183d44ee

    • SHA256

      9cd492ab2f7af0cf98698b110d87fab6d6dca72a4fe1e9e7c7ec8cd5dfdb3752

    • SHA512

      3d51deec1debd3e6422117612eab27060b44a9f04e7160af724d90813a652464fb0858a4060c2f27535a23e473432ea749175f857d9d975ff47d23f24036716a

    • SSDEEP

      12288:sMrpy90aOFcgvzSJh5c7aXikNCzM3GAAe/Qq:Ny3g6O7aJNCyAe/Qq

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks