General

  • Target

    91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c

  • Size

    536KB

  • Sample

    241110-dwswasycqm

  • MD5

    7cc7840a92f5287f455d037a428a3c12

  • SHA1

    4511b1f6ba45718b72ae8589204808d367e036ac

  • SHA256

    91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c

  • SHA512

    54758c4509252d1c400366ca57026ac247e42c40e245d1cfe995c6e8f3398d9af86581a55482f883b0c6ceb37fe00d81c3966c4e0326f7c24c3cb1eab2646244

  • SSDEEP

    12288:oMrIy90Uo1Spi4DHeBiyNCz4DZ2LyIHY3nRS:wynHjTyNCi29HY3o

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c

    • Size

      536KB

    • MD5

      7cc7840a92f5287f455d037a428a3c12

    • SHA1

      4511b1f6ba45718b72ae8589204808d367e036ac

    • SHA256

      91b1f2defa00283007804cdd0cb25a3cb30d52e53e684d695381c0ddfb365e4c

    • SHA512

      54758c4509252d1c400366ca57026ac247e42c40e245d1cfe995c6e8f3398d9af86581a55482f883b0c6ceb37fe00d81c3966c4e0326f7c24c3cb1eab2646244

    • SSDEEP

      12288:oMrIy90Uo1Spi4DHeBiyNCz4DZ2LyIHY3nRS:wynHjTyNCi29HY3o

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks