General

  • Target

    4a67a54cc1bbb3fdf72309067c4015d1a6da8235c5bd356a6d860107b3f8b5b0

  • Size

    672KB

  • Sample

    241110-b7cbksxbkc

  • MD5

    32cf32445be11aaef9fd1bbb6ffacb49

  • SHA1

    611cb46ff8842a99f7182215ee094874d721be5d

  • SHA256

    4a67a54cc1bbb3fdf72309067c4015d1a6da8235c5bd356a6d860107b3f8b5b0

  • SHA512

    6433e685644544346a6ecb3cc14afeaead6d4ef7b8c6943cf4d2a0df36ba2db4ce0bf9f79692311e6cf0e996e4ac7de5522e4dcfba1393f673286a58a19dba0a

  • SSDEEP

    12288:zMr8y90zy5+rQATt1PH2PXqoRAZ27FVO0lbFmpZ3Lqb+XJkIwDNx:bys9QWtRH2PXVpoyx2Z3GNzDNx

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      4a67a54cc1bbb3fdf72309067c4015d1a6da8235c5bd356a6d860107b3f8b5b0

    • Size

      672KB

    • MD5

      32cf32445be11aaef9fd1bbb6ffacb49

    • SHA1

      611cb46ff8842a99f7182215ee094874d721be5d

    • SHA256

      4a67a54cc1bbb3fdf72309067c4015d1a6da8235c5bd356a6d860107b3f8b5b0

    • SHA512

      6433e685644544346a6ecb3cc14afeaead6d4ef7b8c6943cf4d2a0df36ba2db4ce0bf9f79692311e6cf0e996e4ac7de5522e4dcfba1393f673286a58a19dba0a

    • SSDEEP

      12288:zMr8y90zy5+rQATt1PH2PXqoRAZ27FVO0lbFmpZ3Lqb+XJkIwDNx:bys9QWtRH2PXVpoyx2Z3GNzDNx

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks