General

  • Target

    da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15

  • Size

    673KB

  • Sample

    241110-bwrl5awhka

  • MD5

    c97ce15e9e6f3f119f0303bfcec9cbcf

  • SHA1

    d6eec48a2755d4201d529e22c282161a93bfa7bd

  • SHA256

    da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15

  • SHA512

    3fada44c908e5bdf5f0e5f9b113e7c76213a55870422fae4bb3aaac2a0c3fc229b62b6f8518ef4c520fc9665a9b7dd5679169a78cc2669e4bb86c8757ebb667f

  • SSDEEP

    12288:iMrMy90ic5xKyTUZhiPqVlRPruMFpDMuFR40Dc4R7uWp3SWIm26+qf:ayZbmYuMFpDvc4BuSIm26+S

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15

    • Size

      673KB

    • MD5

      c97ce15e9e6f3f119f0303bfcec9cbcf

    • SHA1

      d6eec48a2755d4201d529e22c282161a93bfa7bd

    • SHA256

      da82cb326dcab4f2d9c76a6ed7256737f07522b35cfed6378a47f4b49d049f15

    • SHA512

      3fada44c908e5bdf5f0e5f9b113e7c76213a55870422fae4bb3aaac2a0c3fc229b62b6f8518ef4c520fc9665a9b7dd5679169a78cc2669e4bb86c8757ebb667f

    • SSDEEP

      12288:iMrMy90ic5xKyTUZhiPqVlRPruMFpDMuFR40Dc4R7uWp3SWIm26+qf:ayZbmYuMFpDvc4BuSIm26+S

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks