General

  • Target: 672fe2093565b07b9894e3a92cd067f1d1595166b5417794b7877eacd90aa153
  • Size: 561KB
  • Sample: 241111-hjqbvstqcx
  • MD5: 2fef668d92724195625e1d92cbdbc51d
  • SHA1: b0e4d44ea9234176c367206a513653f9b1f80be8
  • SHA256: 672fe2093565b07b9894e3a92cd067f1d1595166b5417794b7877eacd90aa153
  • SHA512: 811d476ba30b2c1d058cbe9a3493a0a3aad6a0452b1b86bdcf86363eea5aaea8999c5e75d00798111cb10a9c73a1c4e9441688a90d49467262a8d52becc488ab
  • SSDEEP: 12288:kMrGy908nilYgZz/NDw8LTbdEXPMkULCFHQMZBcGh:6yVnfY/95LTaEwHQwBrh

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
