General

  • Target

    2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0

  • Size

    697KB

  • Sample

    241111-gvpn2axqcm

  • MD5

    727df615151725e1d15d7821bf9b711c

  • SHA1

    1e107d3936300efc2e5655a7b2c5e78c7d2e0cfe

  • SHA256

    2b56fa44372403c081956088a640ebf45ed9d18866cc247639002ad9706345c0

  • SHA512

    4be5cce574aeb012cd7449ace5b23a59002b5006e38a45670a872f844e91a81d2651758d151eebd0b3cad1bfb23d66a30146685ae2cc9d7ff0354f632906ce35

  • SSDEEP

    12288:kMrfy90KjMSLE06ezEn88hG0TLXtClMXLXLI/rGd5gjIk5VbGFLt7lmq:DynXyNG0vgqXYyfaCFaq

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks