General

  • Target

    e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384

  • Size

    659KB

  • Sample

    241110-eaks8syhke

  • MD5

    e3712475b34a023b2e82f610540deef9

  • SHA1

    67201dbc95df4e1e8ff04d75a122b0b7821a376a

  • SHA256

    e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384

  • SHA512

    9c4ad576fb6abd5caeda14601ca1aa49e1eded59b4e3e7b527b3db02420c008a0f7d727bdb61c297634abd9febd726c8d38902920a957d4e8d33ad2ea78328bf

  • SSDEEP

    12288:gMr0y90lML+e1kORgpcMeb0SqxGujQxx39eVBoHArc/ze7eu4NEX8unSL8:Eyx1kkUZ1XjIeVBoHCc7e7X4Nwxg8

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384

    • Size

      659KB

    • MD5

      e3712475b34a023b2e82f610540deef9

    • SHA1

      67201dbc95df4e1e8ff04d75a122b0b7821a376a

    • SHA256

      e4c34b4df1124a454b63b6494934f95511e3816918e332733eaf576ac686b384

    • SHA512

      9c4ad576fb6abd5caeda14601ca1aa49e1eded59b4e3e7b527b3db02420c008a0f7d727bdb61c297634abd9febd726c8d38902920a957d4e8d33ad2ea78328bf

    • SSDEEP

      12288:gMr0y90lML+e1kORgpcMeb0SqxGujQxx39eVBoHArc/ze7eu4NEX8unSL8:Eyx1kkUZ1XjIeVBoHCc7e7X4Nwxg8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks