General

  • Target

    d82419b0b295534e7f43d682c6579cb97b47cf738b0b02a281a9a12199abf723N

  • Size

    515KB

  • Sample

    241110-dwd25sxras

  • MD5

    69c93d641326cb31f75fc06c27126910

  • SHA1

    a13328f7c48c6364fd26724d542b7c17363da03b

  • SHA256

    d82419b0b295534e7f43d682c6579cb97b47cf738b0b02a281a9a12199abf723

  • SHA512

    4d9763c3d343201acafe32a74db8baf27c23a4311f36bf657df8e2b2d4c7282481640e5d9ab7defcad75eecb6984899a06b861aa75567e569e1ca0553b04c586

  • SSDEEP

    12288:+MrZy90Fctc3IJW6T7v6p4oklnwfoioZuwAhEcfT1:PyGYx70InMugfT1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosto

  • C2

    hueref.eu:4162

  • Attributes

    auth_value: 07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks