General

  • Target

    73ed6e7b0d3e990d75e130c5167ce86bc8b89563fda525939bf5d8c77bf3a7fd.exe

  • Size

    515KB

  • Sample

    241111-gjmqastgmn

  • MD5

    7b43db74cd4bef4fc16db5aef3f404bf

  • SHA1

    669f95f2d04c22e4f15ff84c8ffa958f7363b0ca

  • SHA256

    73ed6e7b0d3e990d75e130c5167ce86bc8b89563fda525939bf5d8c77bf3a7fd

  • SHA512

    d159a41fbf793b2392d297eb15d0c935f1e996dc0a4e3d0eeffd71e86f681621f0571377f7e7c4a0252772eacc276277af5c6dd868cfefb594e90ed1502346c0

  • SSDEEP

    12288:KMrty900l8Y062giyy5w/jSC/K5l72Ui+EUZxx/WnWg:vymNeh/I23+EUzNg

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks