General

  • Target

    1361309036e5c48060e6785560207c4bcf6ccc36d19f669bc615dcc95e7e8097

  • Size

    659KB

  • Sample

    241110-b9gdbaxbna

  • MD5

    7c760a7da4cb3b135d6e0f9c323264fa

  • SHA1

    fe8f50a93d1ffb1cd4c78521c914f2a8ecadf20b

  • SHA256

    1361309036e5c48060e6785560207c4bcf6ccc36d19f669bc615dcc95e7e8097

  • SHA512

    e9cf6d19d7b5772b029256d38aa777a9614d5cd49862677f201770257fcdc273497073d60346ca60118f2fd23bde12ec308bfe4228428965beecd959ca1c02b8

  • SSDEEP

    12288:fMrny90g2NNVgbxmJO5AvjXR8aqomVR4Uwv74jQZ5x5L3FMd82Dl:oyh2NNVgbx5aLeNR4UQ5frGdL

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6
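The extracted configuration above gives two network-usable indicators (the C2 host and its port) and the hash section gives three file indicators. The script below is an added example, not part of the Triage report or of any vendor tool: it takes exactly those values and runs them over constructed telemetry (a hypothetical key=value DNS log, a flow log and an EDR file inventory, all made up for this example, including the IP the C2 host "resolves" to). It correlates the DNS answer with the flow so that a bare port 4162 connection to an unrelated host is not reported, and it compares digests case-insensitively.

```python
"""Match the extracted RedLine configuration and file hashes against
telemetry. The config values and hashes are the ones listed in this report;
the log formats, log lines, resolved IPs and file paths below are
constructed for this example and are not from the report."""
import re

# Values copied from the report's Malware Config and hash sections.
CONFIG = {
    "family": "redline",
    "botnet": "rosto",
    "c2": ["hueref.eu:4162"],
    "auth_value": "07d81eba8cad42bbd0ae60042d48eac6",
}
SAMPLE_HASHES = {
    "md5": "7c760a7da4cb3b135d6e0f9c323264fa",
    "sha1": "fe8f50a93d1ffb1cd4c78521c914f2a8ecadf20b",
    "sha256": "1361309036e5c48060e6785560207c4bcf6ccc36d19f669bc615dcc95e7e8097",
}

# Constructed telemetry in a hypothetical key=value format (not a real product's log).
DNS_LOG = [
    "2024-11-10T09:14:02Z client=10.0.0.25 query=hueref.eu type=A answer=203.0.113.7",
    "2024-11-10T09:14:03Z client=10.0.0.25 query=www.example.com type=A answer=198.51.100.9",
]
FLOW_LOG = [
    "2024-11-10T09:14:05Z src=10.0.0.25 dst=203.0.113.7 dport=4162 proto=tcp",
    "2024-11-10T09:14:06Z src=10.0.0.25 dst=203.0.113.7 dport=443 proto=tcp",
    "2024-11-10T09:14:07Z src=10.0.0.31 dst=198.51.100.9 dport=4162 proto=tcp",
]
# (path, digest) pairs as an EDR file inventory might export them; note the
# upper-case digest, which a naive string compare would miss.
FILE_INVENTORY = [
    (r"C:\Users\u\AppData\Local\Temp\svcupd.exe",
     "1361309036E5C48060E6785560207C4BCF6CCC36D19F669BC615DCC95E7E8097"),
    (r"C:\Windows\System32\notepad.exe",
     "0000000000000000000000000000000000000000000000000000000000000000"),  # placeholder digest
]

DNS_RE = re.compile(r"client=(?P<client>\S+) query=(?P<query>\S+) .*answer=(?P<answer>\S+)")
FLOW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def parse_c2(entry):
    """Split a 'host:port' C2 entry into (host, port); port is None if absent."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        return entry.lower(), None
    return host.lower(), int(port)


def hash_matches(inventory, known_hashes):
    """Return inventory paths whose digest equals any known hash, case-insensitively."""
    wanted = {digest.lower() for digest in known_hashes.values()}
    return [path for path, digest in inventory if digest.lower() in wanted]


def c2_hits(dns_log, flow_log, c2_entries):
    """Correlate DNS lookups of the C2 host with flows to the IP it resolved to
    on the configured port. Returns (dns_hits, flow_hits)."""
    targets = dict(parse_c2(e) for e in c2_entries)  # host -> port
    resolved = {}  # answer IP -> C2 host, learned from the DNS log
    dns_hits = []
    for line in dns_log:
        m = DNS_RE.search(line)
        if not m:
            continue
        query = m.group("query").lower().rstrip(".")
        if query in targets:
            dns_hits.append((m.group("client"), query))
            resolved[m.group("answer")] = query
    flow_hits = []
    for line in flow_log:
        m = FLOW_RE.search(line)
        if not m:
            continue
        host = resolved.get(m.group("dst"))
        port = int(m.group("dport"))
        # A bare port 4162 is not an IOC on its own (third flow above);
        # require the destination to be an IP the C2 host actually resolved to.
        if host is not None and targets[host] in (None, port):
            flow_hits.append((m.group("src"), host, port))
    return dns_hits, flow_hits


if __name__ == "__main__":
    print("hash matches:", hash_matches(FILE_INVENTORY, SAMPLE_HASHES))
    print("c2 hits:", c2_hits(DNS_LOG, FLOW_LOG, CONFIG["c2"]))
```

The `auth_value` is kept in the config dict because RedLine panels use it as the bot's authentication token; it is not something that appears in network metadata logs, so it is not searched for here. The SSDEEP value from the hash section is deliberately left out: fuzzy-hash comparison needs the ssdeep library and a corpus of candidate files, not an exact-match lookup.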

Targets

    • Target

      1361309036e5c48060e6785560207c4bcf6ccc36d19f669bc615dcc95e7e8097

    • Size

      659KB

    • MD5

      7c760a7da4cb3b135d6e0f9c323264fa

    • SHA1

      fe8f50a93d1ffb1cd4c78521c914f2a8ecadf20b

    • SHA256

      1361309036e5c48060e6785560207c4bcf6ccc36d19f669bc615dcc95e7e8097

    • SHA512

      e9cf6d19d7b5772b029256d38aa777a9614d5cd49862677f201770257fcdc273497073d60346ca60118f2fd23bde12ec308bfe4228428965beecd959ca1c02b8

    • SSDEEP

      12288:fMrny90g2NNVgbxmJO5AvjXR8aqomVR4Uwv74jQZ5x5L3FMd82Dl:oyh2NNVgbx5aLeNR4UQ5frGdL

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
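Three of the signatures in the list above (Defender real-time protection tampering, Run-key persistence, execution of a dropped EXE) can be reproduced as host-side detections. The code below is an added example written for this page, not the sandbox's own rules: it runs over Sysmon-style events whose field names are an assumed simplification of Sysmon's, and whose paths, file names and values are constructed for the example. The Defender value names are the real Real-Time Protection registry values; the event that writes one of them, the Run-key write and the drop-then-execute pair are all made up to exercise the checks, and a benign write that sets the Defender value back to 0 is included to show it is not flagged.

```python
"""Behavioural checks for three of the report's signatures, run over
Sysmon-style events. Event records, paths and file names are constructed for
this example; the field names are an assumed simplification of Sysmon's."""
import re

# Registry values under Real-Time Protection that disable Defender when set to 1.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
DEFENDER_KEY_RE = re.compile(
    r"\\(SOFTWARE\\Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)

# Constructed events; "id" follows Sysmon numbering: 1 = ProcessCreate,
# 11 = FileCreate, 13 = RegistryEvent (SetValue).
EVENTS = [
    {"id": 11, "image": r"C:\Users\u\Downloads\invoice.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\svcupd.exe"},
    {"id": 1, "image": r"C:\Users\u\AppData\Local\Temp\svcupd.exe",
     "parent": r"C:\Users\u\Downloads\invoice.exe"},
    {"id": 13, "image": r"C:\Users\u\AppData\Local\Temp\svcupd.exe",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "image": r"C:\Users\u\AppData\Local\Temp\svcupd.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svcupd",
     "details": r"C:\Users\u\AppData\Local\Temp\svcupd.exe"},
    {"id": 13, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000000)"},  # sets it back to 0: not tampering
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]


def detect_defender_tampering(events):
    """(image, value name) for each Real-Time Protection value set to 1."""
    hits = []
    for e in events:
        if e["id"] != 13:
            continue
        m = DEFENDER_KEY_RE.search(e["target"])
        if (m and m.group("value").lower() in DEFENDER_RTP_VALUES
                and e["details"].endswith("(0x00000001)")):
            hits.append((e["image"], m.group("value")))
    return hits


def detect_run_key(events):
    """(image, value name, command) for each Run/RunOnce value written."""
    hits = []
    for e in events:
        if e["id"] != 13:
            continue
        m = RUN_KEY_RE.search(e["target"])
        if m:
            hits.append((e["image"], m.group("value"), e["details"]))
    return hits


def detect_dropped_exe_execution(events):
    """(dropper image, executed path) when a process starts from a path that
    an earlier FileCreate event in the same trace wrote."""
    dropped = {}  # lower-cased path -> image that created it
    hits = []
    for e in events:  # events are assumed to be in chronological order
        if e["id"] == 11 and e["target"].lower().endswith(".exe"):
            dropped[e["target"].lower()] = e["image"]
        elif e["id"] == 1 and e["image"].lower() in dropped:
            hits.append((dropped[e["image"].lower()], e["image"]))
    return hits


if __name__ == "__main__":
    print("defender tampering:", detect_defender_tampering(EVENTS))
    print("run key persistence:", detect_run_key(EVENTS))
    print("dropped exe executed:", detect_dropped_exe_execution(EVENTS))
```

The Defender check matches both the policy path (HKLM\SOFTWARE\Policies\...) and the product path (HKLM\SOFTWARE\Microsoft\Windows Defender\...), because either location is used to turn the feature off; it reports only writes of 1, so a legitimate re-enable is ignored. The drop-then-execute check relies on event order, which is why the sample events are listed chronologically.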

MITRE ATT&CK Enterprise v15

Tasks