General

  • Target

    54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8

  • Size

    531KB

  • Sample

    241111-glp87svcje

  • MD5

    ee833c9c36e44866e927c3cb63a2b506

  • SHA1

    19b79e8324365211411bb8d3d4103da2374b4f2a

  • SHA256

    54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8

  • SHA512

    411060d6a060439b380db677ce016e7baeccbaa4d8bcfa2a3782aa04e91a32f185be2d14d77ddae7dd7da18d36659bca4c94141fa4278ee47230b4fba9c17326

  • SSDEEP

    12288:1Mrhy90X+GP4T5w6rV0ZnJIpBhqq/umB02XMY:wy8t4feZJ4hp/u00+MY

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8

    • Size

      531KB

    • MD5

      ee833c9c36e44866e927c3cb63a2b506

    • SHA1

      19b79e8324365211411bb8d3d4103da2374b4f2a

    • SHA256

      54472595e5d1dc5a72981da5bfb6750ea31ee37f17f8438e412b61cdec0e2ca8

    • SHA512

      411060d6a060439b380db677ce016e7baeccbaa4d8bcfa2a3782aa04e91a32f185be2d14d77ddae7dd7da18d36659bca4c94141fa4278ee47230b4fba9c17326

    • SSDEEP

      12288:1Mrhy90X+GP4T5w6rV0ZnJIpBhqq/umB02XMY:wy8t4feZJ4hp/u00+MY

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks