General

  • Target: 2c04a3cf7603089e4d6866728fb763a6c7838b9abd62c75a3af349054ba223da
  • Size: 677KB
  • Sample: 241110-cgjhmswnez
  • MD5: 5c64df7cb586230b8009ceda1d8dae71
  • SHA1: 13b1cd12c7a45dd52e0d90c2725bdacebcbb52e1
  • SHA256: 2c04a3cf7603089e4d6866728fb763a6c7838b9abd62c75a3af349054ba223da
  • SHA512: 1b0959f0ad605a918b631a20e6cae569298791756878eef22595338bd854a9b14b03a1c7c039d8e657604cbcd1ad91819f29ee2c0890d5769f1e5f23e725ef27
  • SSDEEP: 12288:IMrCy90g/xEa3jEiIl9F06lkX8apIdwzVH3HhOke:qyTia3rN0krpNXHhFe

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks