General

  • Target

    f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe

  • Size

    1.2MB

  • Sample

    241110-echrnaskbj

  • MD5

    602d16b14aa77fa9c93e2b45d10bea08

  • SHA1

    12e2f4dc73cdce26440396c0e83dc04261e25d1e

  • SHA256

    f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe

  • SHA512

    aeb7ab7bacceeb3a4a0a8ef9f0c02afc65f705d57fc3b246df4c626b030d7d8b2c7e570797c238276329849efe0e7a025be25a6b43b92136f5789fc342992b8d

  • SSDEEP

    24576:zyvKz31aB50I1lo+1ANmHiyUy3hPqEAOnDSgaryBd:Gs3Mud+WQUydYwD

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Target

      f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe

    • Size

      1.2MB

    • MD5

      602d16b14aa77fa9c93e2b45d10bea08

    • SHA1

      12e2f4dc73cdce26440396c0e83dc04261e25d1e

    • SHA256

      f044c105d1886a865d4613aa65a47870242543101c33a6a70c6a3a71c6b548fe

    • SHA512

      aeb7ab7bacceeb3a4a0a8ef9f0c02afc65f705d57fc3b246df4c626b030d7d8b2c7e570797c238276329849efe0e7a025be25a6b43b92136f5789fc342992b8d

    • SSDEEP

      24576:zyvKz31aB50I1lo+1ANmHiyUy3hPqEAOnDSgaryBd:Gs3Mud+WQUydYwD

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks