General

  • Target

    34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196

  • Size

    548KB

  • Sample

    241110-bwdehawfnr

  • MD5

    fb2970582d8f80d67da1ce73178363ee

  • SHA1

    60c1708b06131009577b7d301cd48783128ace8d

  • SHA256

    34a18231f4a3ae47e7b188ee1618ac2160360cc81e115b9bae8a894c8a197196

  • SHA512

    e5643791d797dff35a152a18b5821a4b1f439db2b62b063f451f975ad8fd97d11ec5e514c955a4bdb2d4ae567d2bee00f630af1fc62993d3e8c9d8df850d93b4

  • SSDEEP

    12288:2MrAy90O4wJHkMkmtrf4/hBZ9Pba7ygGuNnfE5C/IiXjGT:2yX46ATh3Na9GN5CHzGT

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes

  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks