General

  • Target: 64bec3fe65069e5f7b005133c647aff0279d37f1e7d33ae2528b87d2e48fe108N.exe
  • Size: 522KB
  • Sample: 241111-gr4nsathqk
  • MD5: 028aed9b64e1f6200d4946bc9f329bbc
  • SHA1: ac43b1b6294191e8273e9bc768172622845dfb7b
  • SHA256: 89040e7d35b9a12a6e9a529c3b9ec6c29fdd679ce3106d61fd2fe874615d2607
  • SHA512: 9586471c49364cce08fb95e990a1bb5388cdcde692c32e3273241bdcad2088a48fa7988534745dd44d79b9f8e170d00413011baafd13ef8931af277c6a8e149b
  • SSDEEP: 12288:zMrZy90I3rKYxZ/qXorwO4hCfJnQg/US66lOmyiY:yy9OYxZ/6o14Yf11HYmyiY

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15