General

  • Target: aa4284adc12d9c67d5e13c5811da907db203078ae6933eeb27fd90fcbca94f14
  • Size: 673KB
  • Sample: 241110-bndqaswelm
  • MD5: 4cc81510fe6df951b6715d7fb794080a
  • SHA1: 6ed425c52cbde81937354efff70504a917e84d73
  • SHA256: aa4284adc12d9c67d5e13c5811da907db203078ae6933eeb27fd90fcbca94f14
  • SHA512: 684b851a12b9b7a916396189759d076ec142fb2ebf2b2ce620fba19f8876ade22af33bbad9a58aceaaa21c21d3e3ae5dc971454f97d9ffce34e2eb1c327030e9
  • SSDEEP: 12288:BMrAy90MiNzRMQIkZLpu22MKF75h60y0762uW4n70y:Nybinv7u22rhM07JuLgy

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks