General

  • Target

    e9b31d99911d8cb042d5cd1b8b88fb78d6bbe8886cf374a35807ef750471a780

  • Size

    665KB

  • Sample

    241110-bqv3cswenr

  • MD5

    1e30110f3327da3b24645d285e2d7f71

  • SHA1

    b165973d740bfff000df32863f9c4f6de9045bf9

  • SHA256

    e9b31d99911d8cb042d5cd1b8b88fb78d6bbe8886cf374a35807ef750471a780

  • SHA512

    6d0ded7c13ecaa47f99a67410950ddf5c0589855d462abaab8db3d0a9eec270170b17c1e2d3f96cff2c4a91dc85a60d8a54a4b10e6e4498ad1fa23b4baae0bd6

  • SSDEEP

    12288:rMrcy90nzk5wdd3uh17/GeEMu6IXjhxq8HGWhir0h4vNQbwhx4Lq1yGYPyK:HyczMrGMSjhxq0imkNQI44yJPd

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4
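The hashes and C2 above are the only indicators this report gives, so the first thing a responder does with them is sweep a host or a share for the file and turn the C2 into a network indicator. The script below is an added example, not part of the report and not tooling from the sandbox. It copies the report's digests and C2 verbatim; every path, file body and function name in it is constructed for illustration. It infers the algorithm of each supplied digest from its length, streams each file once through all four algorithms, and validates the C2 string before it is handed to a firewall or IDS.

```python
import hashlib
import os
import tempfile
from ipaddress import ip_address

# Digests and C2 copied from the report; everything else in this file is constructed.
REPORT_IOCS = {
    "md5": "1e30110f3327da3b24645d285e2d7f71",
    "sha1": "b165973d740bfff000df32863f9c4f6de9045bf9",
    "sha256": "e9b31d99911d8cb042d5cd1b8b88fb78d6bbe8886cf374a35807ef750471a780",
    "sha512": "6d0ded7c13ecaa47f99a67410950ddf5c0589855d462abaab8db3d0a9eec270170b17c1e2d3f96cff2c4a91dc85a60d8a54a4b10e6e4498ad1fa23b4baae0bd6",
}
REPORT_C2 = "176.113.115.145:4125"

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def normalize_hash(value):
    """Lower-case a digest and infer its algorithm from its hex length."""
    v = value.strip().lower()
    if not v or any(c not in "0123456789abcdef" for c in v):
        raise ValueError(f"not a hex digest: {value!r}")
    algo = HEX_LEN_TO_ALGO.get(len(v))
    if algo is None:
        raise ValueError(f"unexpected digest length {len(v)}: {value!r}")
    return algo, v


def hash_file(path, chunk_size=1 << 20):
    """Read the file once, feeding every algorithm, and return lower-case digests."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_digests(digests, ioc_hashes):
    """Return the algorithms under which `digests` equals one of the IOC strings."""
    hits = []
    for raw in ioc_hashes:
        algo, value = normalize_hash(raw)
        if digests.get(algo) == value:
            hits.append(algo)
    return hits


def scan_tree(root, ioc_hashes):
    """Walk `root` and return {path: [matching algorithms]} for every hit."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            matched = match_digests(digests, ioc_hashes)
            if matched:
                hits[path] = matched
    return hits


def parse_c2(spec):
    """Split the report's 'ip:port' into a validated (ip, port) tuple."""
    host, sep, port = spec.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {spec!r}")
    port_int = int(port)
    if not 1 <= port_int <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(ip_address(host.strip("[]"))), port_int


def demo():
    """Sweep a scratch directory holding one constructed 'known bad' file."""
    with tempfile.TemporaryDirectory() as root:
        bad = os.path.join(root, "dropper.exe")
        with open(bad, "wb") as fh:
            fh.write(b"MZ constructed sample bytes, not the real binary")
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"benign")
        # The report's hashes will not match these constructed bytes; adding the
        # constructed file's own SHA-256 to the IOC list shows what a hit looks like.
        iocs = list(REPORT_IOCS.values()) + [hash_file(bad)["sha256"]]
        return scan_tree(root, iocs)


if __name__ == "__main__":
    print(demo())
    print(parse_c2(REPORT_C2))
```

A real sweep would pass the report's four digests plus any others from related samples to `scan_tree` over a mounted image or a user profile; the C2 tuple from `parse_c2` is what goes into a block rule, and the port check catches the common copy-paste error of a trailing character in the indicator.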

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
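The signatures above describe host behaviour (a Defender real-time protection setting changed, an EXE executed from a dropped location, a Run key added) plus the C2 contact from the extracted config. The following detection logic is an added example written for this page, not the sandbox's signature engine; it runs over constructed Sysmon-style events (ID 1 process create, ID 13 registry value set, ID 3 network connect) whose paths, SID and value names are invented, and the ATT&CK technique ids it attaches are this example's own mapping, not taken from the report's ATT&CK section.

```python
import re
from dataclasses import dataclass

# C2 from the report's extracted config; the events below are constructed.
REPORT_C2 = {("176.113.115.145", 4125)}

DROPPED = r"C:\Users\victim\AppData\Local\Temp\1234.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": DROPPED,
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
]


@dataclass(frozen=True)
class Finding:
    rule: str
    technique: str  # ATT&CK id chosen for this example; "" where none is assigned
    image: str
    evidence: str


# Defender real-time protection policy values (DisableRealtimeMonitoring and siblings)
DEFENDER_RT = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
# Any value under a Run / RunOnce key, in HKLM or a user hive
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
# Executables started from user-writable drop locations
USER_WRITABLE_EXE = re.compile(
    r"\\(?:AppData\\Local\\Temp|AppData\\Roaming|Downloads|Users\\Public)\\.*\.exe$", re.I)


def detect(events, c2=REPORT_C2):
    """Apply the four behavioural checks and return one Finding per matching event."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 13:
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            if DEFENDER_RT.search(target) and "0x00000001" in details:
                findings.append(Finding("defender_rt_tamper", "T1562.001", image, target))
            elif RUN_KEY.search(target):
                findings.append(Finding("run_key_persistence", "T1547.001", image,
                                        f"{target} = {details}"))
        elif eid == 1 and USER_WRITABLE_EXE.search(image):
            findings.append(Finding("dropped_exe_exec", "", image, ev.get("ParentImage", "")))
        elif eid == 3 and (ev.get("DestinationIp"), ev.get("DestinationPort")) in c2:
            findings.append(Finding("c2_contact", "T1571", image,
                                    f"{ev['DestinationIp']}:{ev['DestinationPort']}"))
    return findings


def correlate(findings, threshold=2):
    """Group distinct rules by process image; report images hitting `threshold` or more."""
    per_image = {}
    for f in findings:
        per_image.setdefault(f.image, set()).add(f.rule)
    return {img: sorted(rules) for img, rules in per_image.items() if len(rules) >= threshold}


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for f in found:
        print(f.rule, f.technique or "-", f.image, f.evidence)
    print(correlate(found))
```

Each rule alone is noisy (installers write Run keys, admins toggle Defender), which is why `correlate` only escalates an image that trips several of them; on the constructed events the dropped executable hits all four while the svchost event produces nothing.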

MITRE ATT&CK Enterprise v15

Tasks