General

  • Target

    010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b

  • Size

    530KB

  • Sample

    241110-btlm4awgnf

  • MD5

    e1379ba20a0c2a7ef945b2f41e4f8de8

  • SHA1

    02977836018040a671fb14412ae2da93a788dd16

  • SHA256

    010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b

  • SHA512

    cead85d3223ad16c001374188092bcd51a24f1ec161825ca09c3e919b1a569fa9be0dc674c06bc274842dd7cad2198f54d9b7cf29dd4c4610f9ff09067520bca

  • SSDEEP

    12288:1Mrey90+6INXaBA8ozfQEtXrnXFyCRYE8ZxtY3NgF8/D8fC:fyX6INXf8Af9pXnRYE8ztYK7K

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b

    • Size

      530KB

    • MD5

      e1379ba20a0c2a7ef945b2f41e4f8de8

    • SHA1

      02977836018040a671fb14412ae2da93a788dd16

    • SHA256

      010f82df02d1882b2c6eaf20b9e081acfaa6516b559136c7004334b7e21f932b

    • SHA512

      cead85d3223ad16c001374188092bcd51a24f1ec161825ca09c3e919b1a569fa9be0dc674c06bc274842dd7cad2198f54d9b7cf29dd4c4610f9ff09067520bca

    • SSDEEP

      12288:1Mrey90+6INXaBA8ozfQEtXrnXFyCRYE8ZxtY3NgF8/D8fC:fyX6INXf8Af9pXnRYE8ztYK7K

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks