General

  • Target

    23525841a4223fc78aedcb5ac4a2c855bdfc3a177a7af575500c6ded8090a4b0

  • Size

    1.1MB

  • Sample

    241110-eke1qsymfs

  • MD5

    1681c286038a50dbe87c10b7d2435ccd

  • SHA1

    594a63b2d54d55dab91a8d6e5f4b9273cfbfcc4e

  • SHA256

    23525841a4223fc78aedcb5ac4a2c855bdfc3a177a7af575500c6ded8090a4b0

  • SHA512

    68fb96c9955696e027f1ed1408a9cf2c480e393e1d4e10cfc5212bb4a8e922c62a8c52ea884eafaa9205a3ce2871b5a7d9acd0384235c7ab31b83f334500f73f

  • SSDEEP

    24576:eyAxuNVaSNHR58ggFyh51LKe6UKMTjWcCud3QKKt/SfU14:t9N3HjGy36UJCud25S

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks