General

  • Target

    5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5

  • Size

    522KB

  • Sample

    241111-hfr2aavglg

  • MD5

    94ab6f0f68cd58baaa15a7c9dde04d63

  • SHA1

    e052c4603b9ef0dda2bedcfd95ac2ad2f4d2e0fb

  • SHA256

    5f4a816ff0f4e239a25bd99a34acf6c527c383de27547eea4836e4b384298ea5

  • SHA512

    b0ffea1aea48eff355d0275cc1f849d98bed5c89ed19bf715a7583451dd1c38f825bb2f20ee4c63f8f1149b92564e8c37a42241708ee1b656c59d9957514b940

  • SSDEEP

    6144:K+y+bnr+Np0yN90QErDmiTB21cgkrEaqxH/GmtIBXUqNssr/DniYHkzWYy0E82ER:6Mrhy905lgFI9UessrLiG87ME8vQqw

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks