General

  • Target

    ec48da0f2ab945d7fcba744676707fe19e16e3612d8ed2117e5c61d5cb20dd36

  • Size

    536KB

  • Sample

    241110-b8rgwswhpj

  • MD5

    35e1a260c44a3d2d1a383345db90f375

  • SHA1

    31cf890ca9407847ada40c2a8711975ce1a2486b

  • SHA256

    ec48da0f2ab945d7fcba744676707fe19e16e3612d8ed2117e5c61d5cb20dd36

  • SHA512

    393a785900a27d21f3329361a416e76eed808f71d77fc3556325b5d3e772e6a87b643df86b821cb1fc4f006a59a44cb367e396ac92559409f957c7f760088b79

  • SSDEEP

    12288:qMrXy90FyqFlVumV37b9H4w0IBLrTwEJ/zcy2n/FyL5Zi:ZyfqTJ14whBnTLJ7d2n/O8

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks