General

  • Target

    7ca2c01a112630dc483d6449715c0f62c1bd3fb0d5453640eed527c9f9a2cbf0

  • Size

    546KB

  • Sample

    241111-gjrz1sxnfq

  • MD5

    464b9c1ae4733aa2263e76d5a30adc70

  • SHA1

    0b101fb3db084724d52823c5159d9ffdd815ef6f

  • SHA256

    7ca2c01a112630dc483d6449715c0f62c1bd3fb0d5453640eed527c9f9a2cbf0

  • SHA512

    07cfbe4551477b6a4d56336f031e6c3d2de4108bc5d59a7bada32943bdf95924d70a198520c4f6fc461e19094ae4cf3393539e46b13ba7a448fa6a319316ff91

  • SSDEEP

    12288:RMrby90ptScV0lKgmWR2Qe1Z1NBytsyMfc4giqn3MwsEvi:CyUPV0u1Z1N4tH4nysE6

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks