General

  • Target

    3281db425aa266fdf7d1b18509afe27b6307b08c8ea374601276df8793487611

  • Size

    660KB

  • Sample

    241111-gpv9maxpek

  • MD5

    73a3d615e95828e6ef214b6c8b0a994d

  • SHA1

    a215e8814acbe489f682e9175b0b19e74f952192

  • SHA256

    3281db425aa266fdf7d1b18509afe27b6307b08c8ea374601276df8793487611

  • SHA512

    a6c8bc793fd686b11e14d18f1173aead4b1c833f7d65449b897455accbcc118d6f13e37817eaa7246038eee57da66d250bdc52ddcb280d4abf1ffee3d8edf9ea

  • SSDEEP

    12288:2Mr5y90gLIiiBANqf2aWJIMVNq6pQg7n0tgnEZ6Izcek:DyLLRGOqf2dJISqMQm0tgnEZ6sk

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks