General

  • Target

    6426dc0fc945520c628d8060ada18ef06ce72cf14ec8499155307360da3898e3

  • Size

    534KB

  • Sample

    241111-htfv6symcn

  • MD5

    3497d00c9579d5375d27f4e138229db4

  • SHA1

    57d7edeaffe8e7003f5171430a9700bbd5804e9d

  • SHA256

    6426dc0fc945520c628d8060ada18ef06ce72cf14ec8499155307360da3898e3

  • SHA512

    1f6b6d652f97ae17ceb3ede0b95e31d743c3a5efc733cec0fa9e5af6eacdd1ace6663db50e00e468c7519751ccacd0a602546efc5db4091cb8d2ceb3b48595e9

  • SSDEEP

    12288:OMrhy90DZon+bIhYUlo3LqBBazayPmZ7wuI0h:rymnoo3GKDmRwu/

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks