General

  • Target

    3df6d82bba89ca008eb976cda0fcade4c44fdcf51d536c614a5026dffab7a732

  • Size

    546KB

  • Sample

    241110-bmh9dsvqhz

  • MD5

    5116e75a6f0eac7029d184d126de0103

  • SHA1

    8bbddc11ac77a9c8b9c17c8256fb9afae218132e

  • SHA256

    3df6d82bba89ca008eb976cda0fcade4c44fdcf51d536c614a5026dffab7a732

  • SHA512

    c7d3dd526551a86987cb1e700c45e36be65aa6089ef7e9c712569131ce4579e6d991a50baa86f2728477bf4480762885469f17e76a38106596d2792c285f2dca

  • SSDEEP

    12288:xMr1y90RDAwgbSBCXRMCxF1fo2gpzvpfGSA+rPlgRx4+m+JmF2eK:EyMA3SBCXRMCflvojp+Sdb8x11v

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
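The indicators above (the sample's digests, the extracted RedLine C2 `hueref.eu:4162`) are only useful once they are matched against something. The following is an added example, not code from the sandbox that produced this report nor from any vendor tooling: a small offline checker that normalises a digest before comparing it to the report, hashes raw bytes against all three listed algorithms, and scans log lines for the C2 with a confidence label (host and port, host only, or destination port only). Every log line in it is constructed for the example; the log formats are assumptions, not a real product's.

```python
"""Offline IOC checker built from the indicators in this report.

Added example, not part of the sandbox report or of any tooling the
report was produced with. Hashes, C2 host and port are copied from the
report; every log line below is constructed and the line formats are
assumptions for this example.
"""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "5116e75a6f0eac7029d184d126de0103",
    "sha1": "8bbddc11ac77a9c8b9c17c8256fb9afae218132e",
    "sha256": "3df6d82bba89ca008eb976cda0fcade4c44fdcf51d536c614a5026dffab7a732",
}
C2_HOST = "hueref.eu"
C2_PORT = 4162


def digest_matches_ioc(digest: str) -> bool:
    """True if a digest (md5, sha1 or sha256, any case) is the sample's."""
    return digest.strip().lower() in IOC_HASHES.values()


def file_bytes_match_ioc(data: bytes) -> bool:
    """Hash raw bytes with each listed algorithm and compare to the report."""
    return any(hashlib.new(name, data).hexdigest() == want
               for name, want in IOC_HASHES.items())


# Constructed proxy / DNS / flow style lines. Not real data.
SAMPLE_LOGS = [
    "2024-11-10T13:02:11Z proxy src=10.0.4.23 dst=hueref.eu:4162 action=allow bytes=2213",
    "2024-11-10T13:02:12Z dns client=10.0.4.23 q=hueref.eu type=A rcode=NOERROR",
    "2024-11-10T13:05:40Z proxy src=10.0.4.23 dst=updates.example.net:443 action=allow",
    "2024-11-10T13:06:02Z flow 10.0.4.23:51944 -> 203.0.113.7:4162 proto=tcp",
    "2024-11-10T13:07:15Z proxy src=10.0.4.9 dst=www.example.org:80 action=allow",
]

# Host:port together, host alone (e.g. a DNS query), or any destination
# on the C2 port with an unknown host.
_HOST_PORT = re.compile(rf"\b{re.escape(C2_HOST)}:{C2_PORT}\b")
_HOST = re.compile(rf"(?<![\w.-]){re.escape(C2_HOST)}(?![\w-])")
_DST_PORT = re.compile(rf"(?:->|dst=)\s*[\w.\-]+:{C2_PORT}\b")


def classify(line: str):
    """Confidence label for one log line, or None if it hits nothing.

    'c2_hostport': host and port both present (strong)
    'c2_host'    : host only, e.g. a DNS lookup (medium)
    'port_only'  : some destination on the C2 port, host unknown (weak:
                   the port is specific to this config, not to the family)
    """
    if _HOST_PORT.search(line):
        return "c2_hostport"
    if _HOST.search(line):
        return "c2_host"
    if _DST_PORT.search(line):
        return "port_only"
    return None


def scan(lines):
    """Return (label, line) pairs for every line that hit an indicator."""
    hits = []
    for line in lines:
        label = classify(line)
        if label:
            hits.append((label, line))
    return hits


if __name__ == "__main__":
    for label, line in scan(SAMPLE_LOGS):
        print(f"{label:12} {line}")
    print("sha256 match:", digest_matches_ioc(IOC_HASHES["sha256"].upper()))
```

The port-only tier is deliberately the weakest: a RedLine operator can change the port per build, and an unrelated service may listen on 4162, so a port hit should raise a question, not a verdict, until the destination host is resolved. Digest matching is exact, so a repacked or re-signed copy of the same dropper will not match; the SSDEEP value in the report is the indicator to use for near-duplicates.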

MITRE ATT&CK Enterprise v15