General

  • Target

    f1fa8a9fc638f6bc2e7ebbcd259e1b8d1e223db84102e13dd00bef318d3e9a8aN.exe

  • Size

    537KB

  • Sample

    241111-cw2mrszhnl

  • MD5

    9ea5bf6314ba66869d94055f87beb1e0

  • SHA1

    7ac6b71f8e5e44ffb986e60dac66ae65c1f3a5a1

  • SHA256

    80beacf93d19821cd529c23e740eb29fbc85929e60e3e9d6fc3639d6a5d6cc44

  • SHA512

    7b82b54709c47e565dd095b86e1223d190153ca714d0dd0dd6d148afcc0accd0fa726f2c4043b50f279ae76b8b165d30ad3dce34c70faf2f063e7b7737939da2

  • SSDEEP

    12288:uMr+y90jHJzYlOQSsF3QrUzPHfw8tc5EgYE7YI7N:0y0H+SKArC/w8tWM0N

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    • auth_value

      050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      f1fa8a9fc638f6bc2e7ebbcd259e1b8d1e223db84102e13dd00bef318d3e9a8aN.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks