General

  • Target

    8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0

  • Size

    676KB

  • Sample

    241110-ejyrfszarg

  • MD5

    e77fa1db8bf5ecda1ec6d6580dd7df49

  • SHA1

    f296b100d1332510a2f06a755ad8aa917e4a4668

  • SHA256

    8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0

  • SHA512

    c30fdca5f3e8ff9938a4122da5c8ee74a51ac0ed5646b8e43d9221fdcf38bc689bd07d53a97f8f19fa3820ca612dc14538db47148464948eafd125407c3946bb

  • SSDEEP

    12288:VMrEy90WQI1big5v/WJutWSz9MbBAiFFZuCMQIS0bULleFEp3/uOtpK3enQ9k:Vy6I1bjt/WIR9MhuCMQISmUBey5GOu3s

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0

    • Size

      676KB

    • MD5

      e77fa1db8bf5ecda1ec6d6580dd7df49

    • SHA1

      f296b100d1332510a2f06a755ad8aa917e4a4668

    • SHA256

      8eb0e51404f23083704d11cfaf3e2208aec0bc60222f9bbcfe7eb8282f0ebbb0

    • SHA512

      c30fdca5f3e8ff9938a4122da5c8ee74a51ac0ed5646b8e43d9221fdcf38bc689bd07d53a97f8f19fa3820ca612dc14538db47148464948eafd125407c3946bb

    • SSDEEP

      12288:VMrEy90WQI1big5v/WJutWSz9MbBAiFFZuCMQIS0bULleFEp3/uOtpK3enQ9k:Vy6I1bjt/WIR9MhuCMQISmUBey5GOu3s

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks