General

  • Target

    b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9

  • Size

    660KB

  • Sample

    241111-hfhgvavdkn

  • MD5

    625474b2b99045dbe2bc8cf7f1be274a

  • SHA1

    f2408e18fb6f3f2fe676931d6c1fabb419275455

  • SHA256

    b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9

  • SHA512

    414c96d45f2a82bcba3d06491cfcac151272ae5aabfd5c86877208218a980c56c27e6c9709c8863c2d8035e31f4029266530a2f3fdff80a20cf7020a0ce078cc

  • SSDEEP

    12288:2Mray90Thp3Sd8QztM+vMunTp1vdvxXN4bnwwgeivp4hVpMj:wy0pm8uCGMGfJRnuPej

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9

    • Size

      660KB

    • MD5

      625474b2b99045dbe2bc8cf7f1be274a

    • SHA1

      f2408e18fb6f3f2fe676931d6c1fabb419275455

    • SHA256

      b2271d4659a6731d38a75b986663c45071dd9b5c5fa828bf77c304b2304115c9

    • SHA512

      414c96d45f2a82bcba3d06491cfcac151272ae5aabfd5c86877208218a980c56c27e6c9709c8863c2d8035e31f4029266530a2f3fdff80a20cf7020a0ce078cc

    • SSDEEP

      12288:2Mray90Thp3Sd8QztM+vMunTp1vdvxXN4bnwwgeivp4hVpMj:wy0pm8uCGMGfJRnuPej

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks