General

  • Target

    8cf5538310183a799f2d5abfbcfda528ea9df6471175799e256db3ed28e50715

  • Size

    665KB

  • Sample

    241110-eje94ssldj

  • MD5

    50ffe7a039b99de5071e7f695656cf70

  • SHA1

    2da77b5a5c0da49e4a7825d84c713eaeb9808c17

  • SHA256

    8cf5538310183a799f2d5abfbcfda528ea9df6471175799e256db3ed28e50715

  • SHA512

    75a65f36c64b7681d287cfd9a2ec2607b1f935ff77dc6137e34bab322b131fa8e6c712f9347a3a8af93b37418182fd464a32bf295b76ac2372ba93a8024d93cc

  • SSDEEP

    12288:DMrey903SOZ0XpeafFRRjxmIzQcw5gf8zbUrUV8k/wFzFd4fFIHjF:VybOZ0ZeafVwIz3WNUrfywgIh

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      8cf5538310183a799f2d5abfbcfda528ea9df6471175799e256db3ed28e50715

    • Size

      665KB

    • MD5

      50ffe7a039b99de5071e7f695656cf70

    • SHA1

      2da77b5a5c0da49e4a7825d84c713eaeb9808c17

    • SHA256

      8cf5538310183a799f2d5abfbcfda528ea9df6471175799e256db3ed28e50715

    • SHA512

      75a65f36c64b7681d287cfd9a2ec2607b1f935ff77dc6137e34bab322b131fa8e6c712f9347a3a8af93b37418182fd464a32bf295b76ac2372ba93a8024d93cc

    • SSDEEP

      12288:DMrey903SOZ0XpeafFRRjxmIzQcw5gf8zbUrUV8k/wFzFd4fFIHjF:VybOZ0ZeafVwIz3WNUrfywgIh

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
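The three behaviours flagged above (Defender Real-time Protection tampering, a dropped EXE being executed, and Run-key persistence) plus the extracted C2 endpoint can be turned into simple host-triage rules. The block below is an added example written for this page; it is not sandbox output and not code from the RedLine or Healer families. It runs over a few constructed, Sysmon-style events embedded inline (registry value set, Event ID 13; network connect, Event ID 3). The report does not say which Defender value the sample changed, so the rule assumes the common target and watches the whole Real-Time Protection policy key (DisableRealtimeMonitoring and siblings); the file paths in the sample events are invented.

```python
"""Added example for this report: triage rules over constructed Sysmon-style events.

Flags: Windows Defender Real-Time Protection registry tampering, Run-key
persistence, and connections to the extracted C2 176.113.115.145:4125.
Assumption (not stated in the report): the Defender change lands under the
Real-Time Protection policy key, e.g. DisableRealtimeMonitoring.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Extracted config from this report.
C2_HOST = "176.113.115.145"
C2_PORT = 4125

# Both the policy key and the product key are watched; case-insensitive.
DEFENDER_RTP_KEY = re.compile(
    r"\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\",
    re.IGNORECASE,
)
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)


@dataclass
class Event:
    event_id: int            # Sysmon: 13 = registry value set, 3 = network connect
    image: str               # process that generated the event
    details: Dict[str, str]  # TargetObject/Details or DestinationIp/DestinationPort


@dataclass
class Finding:
    rule: str
    image: str
    evidence: str


def check_registry(ev: Event) -> List[Finding]:
    """Defender RTP tampering and Run-key persistence from one registry event."""
    out: List[Finding] = []
    if ev.event_id != 13:
        return out
    target = ev.details.get("TargetObject", "")
    value = ev.details.get("Details", "")
    if DEFENDER_RTP_KEY.search(target):
        out.append(Finding("windows_defender_rtp_modified", ev.image, f"{target} = {value}"))
    if RUN_KEY.search(target):
        out.append(Finding("run_key_persistence", ev.image, f"{target} = {value}"))
    return out


def check_network(ev: Event) -> List[Finding]:
    """Exact host:port match against the extracted C2; ignores malformed IPs."""
    if ev.event_id != 3:
        return []
    dst = ev.details.get("DestinationIp", "")
    port = int(ev.details.get("DestinationPort", "0"))
    try:
        ipaddress.ip_address(dst)
    except ValueError:
        return []
    if dst == C2_HOST and port == C2_PORT:
        return [Finding("redline_c2_contact", ev.image, f"{dst}:{port}")]
    return []


def triage(events: Iterable[Event]) -> List[Finding]:
    findings: List[Finding] = []
    for ev in events:
        findings.extend(check_registry(ev))
        findings.extend(check_network(ev))
    return findings


# Constructed sample events (invented for this example, not from the sandbox run).
SAMPLE_EVENTS = [
    Event(13, r"C:\Users\victim\AppData\Local\Temp\healer.exe",
          {"TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
           "Details": "DWORD (0x00000001)"}),
    Event(13, r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
          {"TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update",
           "Details": r"C:\Users\victim\AppData\Roaming\update.exe"}),
    Event(13, r"C:\Windows\explorer.exe",  # benign registry write, must not fire
          {"TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
           "Details": "DWORD (0x00000001)"}),
    Event(3, r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
          {"DestinationIp": "176.113.115.145", "DestinationPort": "4125"}),
    Event(3, r"C:\Program Files\Mozilla Firefox\firefox.exe",  # same host, wrong port
          {"DestinationIp": "176.113.115.145", "DestinationPort": "443"}),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image}: {f.evidence}")
```

The C2 rule matches host and port exactly because the report gives a single endpoint; when hunting across a fleet, widen it to the host alone, since RedLine operators rotate ports more often than addresses. The Defender rule deliberately fires on any write under the Real-Time Protection key rather than on a specific value, so a write of 0 (re-enabling) also surfaces for review.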

MITRE ATT&CK Enterprise v15

Tasks