General

  • Target

    4c7b5413a29a64ac83ba954eb34c525291b03a6c4f9439971d86682b40abd8bb

  • Size

    660KB

  • Sample

    241111-gm6mksvclb

  • MD5

    1d3010b2ead0c5d3b760bfeacd92f78a

  • SHA1

    d8803b06ce5ed58b48f1e1cf1738f6f4d8005578

  • SHA256

    4c7b5413a29a64ac83ba954eb34c525291b03a6c4f9439971d86682b40abd8bb

  • SHA512

    d73e6066ee242221b75f5b82d4400964c48287a5495d91a7d13f2e205d130a8ff6f86c7fb26542344250b72748723d5d76d1c538cd494b360a59243f5630a826

  • SSDEEP

    12288:UMrTy90Ex9QDC1mgLrixy+cWQG6LfvG2v5R8uP0MsxrLi5iUaWP5G5OjK:fyJ0YmgSERfbLXG2v5/PZsx65iU5wMe

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      4c7b5413a29a64ac83ba954eb34c525291b03a6c4f9439971d86682b40abd8bb

    • Size

      660KB

    • MD5

      1d3010b2ead0c5d3b760bfeacd92f78a

    • SHA1

      d8803b06ce5ed58b48f1e1cf1738f6f4d8005578

    • SHA256

      4c7b5413a29a64ac83ba954eb34c525291b03a6c4f9439971d86682b40abd8bb

    • SHA512

      d73e6066ee242221b75f5b82d4400964c48287a5495d91a7d13f2e205d130a8ff6f86c7fb26542344250b72748723d5d76d1c538cd494b360a59243f5630a826

    • SSDEEP

      12288:UMrTy90Ex9QDC1mgLrixy+cWQG6LfvG2v5R8uP0MsxrLi5iUaWP5G5OjK:fyJ0YmgSERfbLXG2v5/PZsx65iU5wMe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks