General

  • Target

    279947ab3fdd594b61a8ea93c1bab4ca5ca61f53481ba1db4e657da846405ca0

  • Size

    658KB

  • Sample

    241110-bmvx7ayqcr

  • MD5

    dd2a3b251e8247f9aa2a9efa76a0f3ad

  • SHA1

    1adc87d4b07c71e338b5cf406ef8fc9f47498385

  • SHA256

    279947ab3fdd594b61a8ea93c1bab4ca5ca61f53481ba1db4e657da846405ca0

  • SHA512

    9fa58c4bea674419cfcebfbfa8d1ebde04505531e0e03ac634595e5b323c8e9daa25a97fdf550c3f2a9734f1f1e2d8ec655abf8531244af8eda40908c468339a

  • SSDEEP

    12288:YMrFy90sxt+Gb2FxJ+P9ohU9b9KUx5ZjpI046Rzgjiumvt9uF:9yrvV2F/ax5ZKkzEiuQuF

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks