General

  • Target

    dcfe9e9f71f1e4cce690eb704be414e864dc1ab0b4a2639180b0326d166f5853

  • Size

    549KB

  • Sample

    241111-gl9ylsvckc

  • MD5

    16ed0f40bed4cc376abd5754a65bfe4d

  • SHA1

    1e2f142d12eda48fc5c852ec2e640a38fe6d38fc

  • SHA256

    dcfe9e9f71f1e4cce690eb704be414e864dc1ab0b4a2639180b0326d166f5853

  • SHA512

    60774ba978ab99689ce4ab706e1dd93b9d7f4ca15ef5ee36a6dc5f972481c317547d7ee83d1403c1f47fb6fa5e54fe39135cae4079ea9c85891225fd532c6ca3

  • SSDEEP

    12288:SMrWy90VQpN5TCMmk/ehfs+7fRdQKXwqV0mpw:IyT5wk/e++LoVYw

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      dcfe9e9f71f1e4cce690eb704be414e864dc1ab0b4a2639180b0326d166f5853

    • Size

      549KB

    • MD5

      16ed0f40bed4cc376abd5754a65bfe4d

    • SHA1

      1e2f142d12eda48fc5c852ec2e640a38fe6d38fc

    • SHA256

      dcfe9e9f71f1e4cce690eb704be414e864dc1ab0b4a2639180b0326d166f5853

    • SHA512

      60774ba978ab99689ce4ab706e1dd93b9d7f4ca15ef5ee36a6dc5f972481c317547d7ee83d1403c1f47fb6fa5e54fe39135cae4079ea9c85891225fd532c6ca3

    • SSDEEP

      12288:SMrWy90VQpN5TCMmk/ehfs+7fRdQKXwqV0mpw:IyT5wk/e++LoVYw

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
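The behaviour signatures above (dropped EXE executed, Defender real-time protection modified, Run key added, C2 contact) map directly onto Sysmon event types, so they can be turned into host-side detection logic. The following is an added example, not part of the sandbox report: it matches a file against the hashes listed in this report and scans Sysmon-style events (constructed here, not real telemetry) for the four behaviours. The Defender value names and the `DWORD (0x...)` Details format are assumptions based on how Sysmon renders registry writes; the report itself only names the signature, not the exact values Healer touches.

```python
"""IOC matching and behaviour detection for the RedLine/Healer sample above.

Added example; hashes and C2 are copied from the report, everything else
(event records, paths, SID, Defender value names) is constructed/assumed.
"""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "16ed0f40bed4cc376abd5754a65bfe4d",
    "sha1": "1e2f142d12eda48fc5c852ec2e640a38fe6d38fc",
    "sha256": "dcfe9e9f71f1e4cce690eb704be414e864dc1ab0b4a2639180b0326d166f5853",
    "sha512": "60774ba978ab99689ce4ab706e1dd93b9d7f4ca15ef5ee36a6dc5f972481c317547d7ee83d1403c1f47fb6fa5e54fe39135cae4079ea9c85891225fd532c6ca3",
}
C2_HOST, C2_PORT = "176.113.115.145", 4125

# Registry keys behind the "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key" signatures (assumption: usual policy/engine
# locations; compared case-insensitively).
DEFENDER_RTP_KEYS = (
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
)
RUN_KEY = r"\software\microsoft\windows\currentversion\run"
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)


def match_hashes(data: bytes, iocs: dict = IOC_HASHES) -> list[str]:
    """Return the names of every digest in `iocs` that `data` matches."""
    return [alg for alg, expected in iocs.items()
            if hashlib.new(alg, data).hexdigest() == expected]


def scan_events(events: list[dict]) -> list[dict]:
    """Walk Sysmon-style events in order and return rule hits.

    Event 11 (FileCreate) records dropped .exe paths; a later event 1
    (ProcessCreate) whose Image is one of them is "executes dropped EXE".
    Event 13 (RegistryValueSet) covers Defender RTP and Run key writes,
    event 3 (NetworkConnect) covers the reported C2.
    """
    hits = []
    dropped = set()
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped.add(target.lower())
        elif eid == 1 and image.lower() in dropped:
            hits.append({"rule": "executes_dropped_exe", "image": image})
        elif eid == 13:
            obj = ev.get("TargetObject", "").lower()
            details = str(ev.get("Details", ""))
            m = DWORD_RE.search(details)
            # Any non-zero DWORD under the RTP keys (e.g. DisableRealtimeMonitoring=1)
            if any(obj.startswith(k + "\\") for k in DEFENDER_RTP_KEYS) \
                    and m and int(m.group(1), 16) != 0:
                hits.append({"rule": "defender_rtp_modified", "image": image,
                             "value": ev["TargetObject"]})
            if (RUN_KEY + "\\") in obj:
                hits.append({"rule": "run_key_persistence", "image": image,
                             "command": details})
        elif eid == 3:
            if ev.get("DestinationIp") == C2_HOST \
                    and int(ev.get("DestinationPort", 0)) == C2_PORT:
                hits.append({"rule": "redline_c2_connection", "image": image})
    return hits


# Constructed telemetry reproducing the report's behaviour chain.
DROPPER = r"C:\Users\alice\Downloads\sample.exe"
PAYLOAD = r"C:\Users\alice\AppData\Local\Temp\svc.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": PAYLOAD},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": DROPPER},
    {"EventID": 13, "Image": PAYLOAD,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": PAYLOAD,
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": PAYLOAD},
    {"EventID": 3, "Image": PAYLOAD,
     "DestinationIp": C2_HOST, "DestinationPort": C2_PORT},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",  # benign
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS):
        print(hit)
```

The dropped-EXE rule is deliberately stateful (it needs the FileCreate before the ProcessCreate), so feed events in timestamp order; the hash check is exact-match only, and the SSDEEP value in the report is the indicator to use for near-duplicate builds of the same stealer.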

MITRE ATT&CK Enterprise v15

Tasks