General

  • Target

    42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622

  • Size

    516KB

  • Sample

    241110-bzcx5swkcx

  • MD5

    d4cc7d0dadcfb1fb0a21fa114592015c

  • SHA1

    34280083301fac39fb10974b307a15380c5e2d96

  • SHA256

    42fb7c372426740d446624dc0084f18f443f4b0ee9ec798288b53fd17a5ab622

  • SHA512

    b072e47d42cd8d706c06e17ccf176215fa79565e4b37e47581e64ed70f9b8c6c8257aa68463e51f42e8c99f22249ae5db9eaa54559b77225ebfb8f1d03d5b50a

  • SSDEEP

    12288:AMr9y90nHAWaL8i04nioHGukmy3W/Ptvi9cn:tyo3NcOmymntvi9I

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks