General

  • Target

    b32311fc807236503d975253740d1267e4214f13f174a458b5007d249214fa3a

  • Size

    536KB

  • Sample

    241111-bs6xmszdjg

  • MD5

    16dcc638e74d1f4baebf61b2166d562d

  • SHA1

    073565b612683e3ee67325ffb03c24b27eeb8ce7

  • SHA256

    b32311fc807236503d975253740d1267e4214f13f174a458b5007d249214fa3a

  • SHA512

    03466c966fa273cf9c92a54025e7b29f5936d7c27f4d7238bdeb85cb9f428f21ba1a1242af30b1b9e6d24eb76f2de44c9c6d976dbc9e2909f29ae94c3f45d595

  • SSDEEP

    12288:mMrgy900i5f4HibHN0QXCguFONSzs+t2LC7ebk/w:qyy5bN0+C0NSn2O75/w

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      b32311fc807236503d975253740d1267e4214f13f174a458b5007d249214fa3a

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks