General

  • Target

    06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd

  • Size

    666KB

  • Sample

    241110-bl2pcawdrq

  • MD5

    3c56b031d94ad59d6cb0dc47479393d0

  • SHA1

    ab2c3c07378fe34fec24693a078796259319cc47

  • SHA256

    06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd

  • SHA512

    7bf4a9a37470203bb8963831b42ed1b625540482ccf625400ae5f232f2d7790cbe8854148efe20be2db970912faab49a3f373cb31aafe4880bd8ecb22454269c

  • SSDEEP

    12288:pMrKy90Htjsz8sTsbWFa4QSbKHa6zN8Ao69jkzrU4kS/wMdyhcNz:rynz8aQZlHaoN8Ao6SzrWswM9t

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd

    • Size

      666KB

    • MD5

      3c56b031d94ad59d6cb0dc47479393d0

    • SHA1

      ab2c3c07378fe34fec24693a078796259319cc47

    • SHA256

      06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd

    • SHA512

      7bf4a9a37470203bb8963831b42ed1b625540482ccf625400ae5f232f2d7790cbe8854148efe20be2db970912faab49a3f373cb31aafe4880bd8ecb22454269c

    • SSDEEP

      12288:pMrKy90Htjsz8sTsbWFa4QSbKHa6zN8Ao69jkzrU4kS/wMdyhcNz:rynz8aQZlHaoN8Ao6SzrWswM9t

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper: it tampers with Windows Defender protection settings before launching its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. Its embedded configuration carries the C2 address, a botnet identifier and an authorization value, which is what the extracted config above (C2 176.113.115.145:4125, botnet "rosn", auth_value) corresponds to.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
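The behaviours and indicators listed above (known sample hashes, the Defender real-time protection change, the Run-key persistence, and the RedLine C2 at 176.113.115.145:4125) translate directly into host detection logic. The following is an added example, not part of the sandbox report, that replays constructed Sysmon-style events (Event ID 1 process create, Event ID 3 network connect, Event ID 13 registry value set) through a small matcher. The registry paths and value names are the standard Windows Defender policy and Run-key locations and are assumed to be the ones this sample touches; the report lists the behaviours, not the exact keys, and the event records are constructed for the example.

```python
"""IOC and behaviour matcher for the report above (added example, not report content).

Encodes the report's indicators and behaviours as checks over Sysmon-style events:
  - Event ID 1  : process create, match the sample's SHA256/MD5
  - Event ID 3  : network connect, match the extracted RedLine C2
  - Event ID 13 : registry value set, Defender real-time protection
                  disabled (DWORD 1) or a Run/RunOnce value written
Registry locations are assumptions (standard Defender policy / Run keys);
the report names the behaviours, not the exact keys the sample wrote.
"""
from __future__ import annotations

import re
from typing import Dict, List

# Indicators taken from the report.
C2_IP = "176.113.115.145"
C2_PORT = 4125
SAMPLE_SHA256 = "06177b47b05788247fb4b04f96d2e90441ce96d035833878cf7a92224e7f94cd"
SAMPLE_MD5 = "3c56b031d94ad59d6cb0dc47479393d0"

# Assumed registry locations for the two behaviours (not from the report).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection"
    r"|DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)


def _dword(details: str):
    """Parse Sysmon's 'DWORD (0x00000001)' Details rendering; None if not a DWORD."""
    m = re.fullmatch(r"DWORD \((0x[0-9A-Fa-f]+)\)", details.strip())
    return int(m.group(1), 16) if m else None


def detect(event: Dict) -> List[str]:
    """Return the detection tags a single event triggers (empty list if none)."""
    hits: List[str] = []
    eid = event.get("EventID")
    if eid == 1:
        # Sysmon renders hashes as "SHA256=...,MD5=..." in one field.
        hashes = dict(
            part.split("=", 1) for part in event.get("Hashes", "").split(",") if "=" in part
        )
        if (hashes.get("SHA256", "").lower() == SAMPLE_SHA256
                or hashes.get("MD5", "").lower() == SAMPLE_MD5):
            hits.append("known_sample_hash")
    elif eid == 3:
        if (event.get("DestinationIp") == C2_IP
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            hits.append("redline_c2_connection")
    elif eid == 13:
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        # Only a value of 1 disables protection; a write of 0 re-enables it and is not tampering.
        if DEFENDER_RTP_RE.search(target) and _dword(details) == 1:
            hits.append("defender_rtp_tampering")
        if RUN_KEY_RE.search(target) and details.strip():
            hits.append("run_key_persistence")
    return hits


def triage(events: List[Dict]) -> Dict[str, int]:
    """Count detection tags across an event stream."""
    counts: Dict[str, int] = {}
    for ev in events:
        for tag in detect(ev):
            counts[tag] = counts.get(tag, 0) + 1
    return counts


# Constructed events (not real telemetry) mirroring the report's behaviours.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256},MD5={SAMPLE_MD5}"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\update",
     "Details": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"EventID": 3, "DestinationIp": C2_IP, "DestinationPort": C2_PORT},
    {"EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": 53},  # benign DNS
]

if __name__ == "__main__":
    for tag, n in sorted(triage(EVENTS).items()):
        print(f"{tag}: {n}")
```

With real data, feed Winlogbeat/Sysmon JSON records into `detect` one at a time; the only field conventions assumed are Sysmon's `Hashes` string and its `DWORD (0x...)` rendering of registry values. Note that the Defender check deliberately ignores writes of 0, so the rule fires on the disable, not on an administrator restoring the setting.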

MITRE ATT&CK Enterprise v15

Tasks