General

  • Target

    9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c

  • Size

    689KB

  • Sample

    241111-brlkbaymcx

  • MD5

    74aaead1c8dd7c6500cc558a72f69e7d

  • SHA1

    ebd653a3d6fd37abd1467704bfa6748cafbd152e

  • SHA256

    9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c

  • SHA512

    3abc3f5e462713cd873c36ed3ad028dd1117e78ede19de5b23da276de9e78631533b2ad7d843d48d308652aad8e31b9dc992ac69777ef6687981bcb11793a9a9

  • SSDEEP

    12288:5Mruy90wdkETVrnXbp2yKmyt65hLu2usMSKI3VgS7vvmFnwfigRA5/H9T3Dt:vyMKkgfaTsLZ3VgwvinwagA/Hp5

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      9d96632ad4ea5d918bc15120e33afa90dc576db08d3eeedac3879da46170e18c

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
