General

  • Target

    ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b

  • Size

    689KB

  • Sample

    241110-dwnlksxrax

  • MD5

    2a95abd270f77aaa56c16941f7af6d10

  • SHA1

    05568dd4e11223aeba8adac2b5fc4848e330b998

  • SHA256

    ef0c022fd5684d2e861732f2c7fdbb3e64f2f41b8365231c404fb2fa5cbb169b

  • SHA512

    13f08741f5cb7d453e22a74323174f0ea5362fe326ee396d59d0fbf343c2b2627c49f2dd90f3d14ca8993ee6d98bf332836cd7856278c5d4d7fbe9f5788467d7

  • SSDEEP

    12288:uMrcy90jHX5lsKSPajXtzew9ZEVrtjH0Cy0sbri26z6hk85MKvW:uyDP4xew9ZEZtjUCypbO2y6B59O

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15