General

  • Target

    b916bb790e77ea668dc10d07141d96f86f0627b73da8670182ba80572a6038bd

  • Size

    689KB

  • Sample

    241110-d6hs3s1rhl

  • MD5

    600b9f726a7b121fbaff246f07cff516

  • SHA1

    281a7ec3d5acd81c9765a23acaddae92738877e1

  • SHA256

    b916bb790e77ea668dc10d07141d96f86f0627b73da8670182ba80572a6038bd

  • SHA512

    6c1f2bf67be9e643dec4d5c27729964aec85403f1d8041258f1afb9aa4d6dae4c7ae34cd4fb8752fa02dd1d0312442b82930aaa157038eee6ecc8718e4d3e523

  • SSDEEP

    12288:yMrry90veETPgEgVmqfEKgAnVA+ReF1Pm2bYXuU2Szf6ZsIzUPEfA08:VyAUUAnS+8FE2b0uWyBo/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15