General

  • Target: cc4797d21d1392d6012dcf759bd349fb9196516393739f82f85b23fd7e1663ea
  • Size: 530KB
  • Sample: 241111-hm713stra1
  • MD5: 3f90ea2885baa22de3fefc23d2c5f70e
  • SHA1: bf7945f5484b8f5e11060b2a72a240b35e81d6f4
  • SHA256: cc4797d21d1392d6012dcf759bd349fb9196516393739f82f85b23fd7e1663ea
  • SHA512: 0b63e1e61b3ac11963ce77e82df9748c920db592785c756de600abd9cb58e1cda9b218dd6be87db64bf1aa5ab303202d99081c74d6d9530e6ac31731ac6b916d
  • SSDEEP: 12288:0Mray90nUVhfBm+2EdgrVi50KVmQwqB5a9tYMw:WyzfUiqU5pAQ76Y

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks