General

  • Target

    e74487a124558254a03086a16589ca518663ace110db1b115599bc89d88aa124

  • Size

    537KB

  • Sample

    241110-bnanmswfmb

  • MD5

    00123d3270c9a2e79903f009bbf2fb54

  • SHA1

    8b62061745324519b502a833fdc68842732328b5

  • SHA256

    e74487a124558254a03086a16589ca518663ace110db1b115599bc89d88aa124

  • SHA512

    32710ffe1ae687eb8c2144925d32b0d047f5152c84004f507d65b859ad4b0d1afa24d36bef09432ce41610953cef354659ebae8ae31074bb378ab5febff4dd87

  • SSDEEP

    12288:RMrKy90mqwX/KLikrzABSYvlNWzxEOqL4QeYQ:fyTqGgikrzuDlNW9qteL

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      e74487a124558254a03086a16589ca518663ace110db1b115599bc89d88aa124

    • Size

      537KB

    • MD5

      00123d3270c9a2e79903f009bbf2fb54

    • SHA1

      8b62061745324519b502a833fdc68842732328b5

    • SHA256

      e74487a124558254a03086a16589ca518663ace110db1b115599bc89d88aa124

    • SHA512

      32710ffe1ae687eb8c2144925d32b0d047f5152c84004f507d65b859ad4b0d1afa24d36bef09432ce41610953cef354659ebae8ae31074bb378ab5febff4dd87

    • SSDEEP

      12288:RMrKy90mqwX/KLikrzABSYvlNWzxEOqL4QeYQ:fyTqGgikrzuDlNW9qteL

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
