General

  • Target

    1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac

  • Size

    531KB

  • Sample

    241110-bttzgawjbx

  • MD5

    721f0742e79b63bf4cfcb82a9ad4850d

  • SHA1

    95084937cdb6bcee8f5326581acd15189d221827

  • SHA256

    1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac

  • SHA512

    d510da5c49c91d6e25b8046934e834d2e71c538decff9a8115d496cd7068faaf1372f149f4cc90b28c4dea836751029208966b72be28100b8ef31f8ca308d665

  • SSDEEP

    12288:vMrNy90LkZPuVwvlJQn+0znJIzBWqq/pmUyun:Oy9ZaC/Qn/zJoWp/pt9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosto

  • C2

    hueref.eu:4162

  • Attributes

    auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      1d8cde5d8a95f6976323585c7431115f5aea592327bf66e6ef4f9580bbe915ac

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
