General

  • Target: fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76
  • Size: 537KB
  • Sample: 241110-dzgx7s1qep
  • MD5: 68aff4eefe0c8f2db496d27cae60cb22
  • SHA1: a37ad1eff96588b2c5434f3989bd88feb7a23fe0
  • SHA256: fd0158dfafc051a7fdbaac01161e408b1f37fe5c81f284765780bb6adc216d76
  • SHA512: 5776c93be443aa952955bd6b6823d61ea29b3e82e2ad97c9ca11840d542a697837850e4a613421671d0028468e1bbda71cbb801091f8fae61066ed213f5b2ae5
  • SSDEEP: 12288:zMrWy90heKcAfNVq29UM3HJwTeEB0g/O:5yAcAVT9dpwNBa

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
