General

  • Target

    75ce678ab6a4a5114789c31dede4217d9f99d0b2290e19454a7292c63ee64f07N.exe

  • Size

    528KB

  • Sample

    241111-hlblgsvhjf

  • MD5

    3d235b69ed6439baf181cf1c6fa1893c

  • SHA1

    8b4ccabb4ecf48e4741d24e63275f2e9294b993e

  • SHA256

    f53653178dba5f08c4e79be3a3424815dee0e4f83fa08ec62f84cc61a8d6bf07

  • SHA512

    25d12fd8ecdd01e7704ed390207ecb7f3cf8c98a56317d884b46d0bb824bac45fe4708651aca4f064ee2de49c4a5343d2a6178c21cbf743b91589cd96803cb8d

  • SSDEEP

    12288:ZMrfy906kVVi3onfNodYU0tNS4Epy5BePNjlb572im:qyyVVij50DSEgPNpbZfm

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      75ce678ab6a4a5114789c31dede4217d9f99d0b2290e19454a7292c63ee64f07N.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15