General

  • Target

    fbe49dae49b5b23a53c034702008896bf9480f78e8be8f677b1a5a1af4414a14

  • Size

    676KB

  • Sample

    241110-chh89sxcre

  • MD5

    ed1fb883cbaf276d88b332a693dc9449

  • SHA1

    66cfdf25e24d13ae48aa94b38b5851b3174bce3a

  • SHA256

    fbe49dae49b5b23a53c034702008896bf9480f78e8be8f677b1a5a1af4414a14

  • SHA512

    f82c7bf75bb3feff30b5a00f377ab867e5b80bad6c93fd601d0f43df7707ada13852b5d03993e273f6b2bf97e4e65d12cb064df246928e39deb596c728228346

  • SSDEEP

    12288:XMruy90mKTRZBxEO096RYAP0AOJK4mDHOeO+hoNF73a7A1GW/6z8J7oxl1:5ywTBA6WAsdI4IueO+hoN074p/z6n

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4
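The extracted config gives a defender two things to act on immediately: the file hashes above and the C2 endpoint 176.113.115.145:4125. The helper below is an added example, not part of the sandbox report, showing how to (1) confirm a file on disk is this exact sample by checking all three digests and (2) pull connections to the C2 out of flow logs. The log line format and the sample flows are constructed for the example; adapt FLOW_RE to your own firewall or proxy export.

```python
"""Offline IOC triage for the RedLine report above (added example).

Uses only the hashes and C2 endpoint listed on the page; the flow-log
format and sample lines are constructed for illustration.
"""
import hashlib
import ipaddress
import re

# IOCs copied from the report.
REPORT_HASHES = {
    "md5": "ed1fb883cbaf276d88b332a693dc9449",
    "sha1": "66cfdf25e24d13ae48aa94b38b5851b3174bce3a",
    "sha256": "fbe49dae49b5b23a53c034702008896bf9480f78e8be8f677b1a5a1af4414a14",
}
C2_HOST = "176.113.115.145"
C2_PORT = 4125


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a byte string (a file's contents)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees with the report.

    Requiring all three means a chosen-prefix MD5 or SHA1 collision cannot
    by itself produce a false match; SHA256 must agree as well.
    """
    computed = hash_bytes(data)
    return all(computed[name] == value for name, value in REPORT_HASHES.items())


# Constructed flow-log format (assumption, not a real product's format):
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def find_c2_flows(lines) -> list:
    """Return (timestamp, src_ip) for every flow to the extracted C2 host:port."""
    c2_ip = ipaddress.ip_address(C2_HOST)
    hits = []
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip it rather than abort the sweep
        if ipaddress.ip_address(m["dst"]) == c2_ip and int(m["dport"]) == C2_PORT:
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample flows; not traffic captured from the sandbox run.
SAMPLE_FLOWS = [
    "2024-11-10T12:00:01Z 10.0.0.23:51234 -> 176.113.115.145:4125 tcp",
    "2024-11-10T12:00:02Z 10.0.0.23:51235 -> 142.250.74.46:443 tcp",
    "2024-11-10T12:00:03Z 10.0.0.41:49877 -> 176.113.115.145:80 tcp",
    "malformed line",
    "2024-11-10T12:05:00Z 10.0.0.41:49900 -> 176.113.115.145:4125 tcp",
]

if __name__ == "__main__":
    for ts, src in find_c2_flows(SAMPLE_FLOWS):
        print(f"{ts} {src} contacted RedLine C2 {C2_HOST}:{C2_PORT}")
    print("sample matches report:", matches_report(b"not the sample"))
```

The flow matcher is deliberately strict on host and port because that is what the extracted config states; the port-80 flow to the same IP in the sample data is therefore not reported. If you would rather treat any contact with the C2 address as suspicious, drop the port comparison, but expect more noise if the host also serves unrelated content.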

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
