General

  • Target

    634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1

  • Size

    690KB

  • Sample

    241111-hsr7tavfjj

  • MD5

    a5d3418351f9d08fdd9a9f1e0cc90674

  • SHA1

    c026710bd5932c1577690dbca741e48acbc096ba

  • SHA256

    634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1

  • SHA512

    2506c84ff177336d409335938f9d400cbdf2288c5140465602f72de0f023fb36b8c35b862a37ef93feabd986b0971016cc5fc65328dc41a544e6a2b6c11684aa

  • SSDEEP

    12288:aMr0y90mRuttHQ88MnhIM95gTNN70tYJ9/7RN+hZNE3XJybYgQe07Ctl8L:Cyo88hIpN7ZJ9jRNsNE3MlQxAo

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1

    • Size

      690KB

    • MD5

      a5d3418351f9d08fdd9a9f1e0cc90674

    • SHA1

      c026710bd5932c1577690dbca741e48acbc096ba

    • SHA256

      634a5e31a17bcf4814cbe3ddacec51b87a2039c747b3896df62dda0ab024d5a1

    • SHA512

      2506c84ff177336d409335938f9d400cbdf2288c5140465602f72de0f023fb36b8c35b862a37ef93feabd986b0971016cc5fc65328dc41a544e6a2b6c11684aa

    • SSDEEP

      12288:aMr0y90mRuttHQ88MnhIM95gTNN70tYJ9/7RN+hZNE3XJybYgQe07Ctl8L:Cyo88hIpN7ZJ9jRNsNE3MlQxAo

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks