General

  • Target

    51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af

  • Size

    673KB

  • Sample

    241110-bnjasawfmd

  • MD5

    571db67bd3194e386e91bf06f82fe5e6

  • SHA1

    8dc3ad6d9700be97e32e45c32c1c76d4adef1810

  • SHA256

    51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af

  • SHA512

    a3b56b0c2efe9b2e734c29293c2d5fefb73a97f8a8d827d243862833cc6484ec47461c0ae4bfc87d94e732756c2a8f01fe58aeaa5abc1db0e729b3ea969232ef

  • SSDEEP

    12288:FMrZy905JfI1kY4WHuBy+pNLodjejRHtPvbuW/o5WnnbGjs:EyS2n4WOc84ejFtPTuUlGjs

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af

    • Size

      673KB

    • MD5

      571db67bd3194e386e91bf06f82fe5e6

    • SHA1

      8dc3ad6d9700be97e32e45c32c1c76d4adef1810

    • SHA256

      51539529136d333f3f7a6fd2a8fed7dda275c8ba3947d1f6de4ccf9a9703b5af

    • SHA512

      a3b56b0c2efe9b2e734c29293c2d5fefb73a97f8a8d827d243862833cc6484ec47461c0ae4bfc87d94e732756c2a8f01fe58aeaa5abc1db0e729b3ea969232ef

    • SSDEEP

      12288:FMrZy905JfI1kY4WHuBy+pNLodjejRHtPvbuW/o5WnnbGjs:EyS2n4WOc84ejFtPTuUlGjs

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks