General

  • Target: 04a405dfcfe17139630b0b75293622cf5149d508b75ba335cbab14c9021da653
  • Size: 561KB
  • Sample: 241112-xyew1ayhpg
  • MD5: a47320470babfcaf671eaeaa738aa130
  • SHA1: e774b8e77d3ab8e6bb12c86eb9cc4ea9bcd27e78
  • SHA256: 04a405dfcfe17139630b0b75293622cf5149d508b75ba335cbab14c9021da653
  • SHA512: fc215e00e7e31db9f4e887efedbdd5abcde2b994cd719bbb8845ddc185f492ef4a77cd7fac5d4224dc8e5109c556a767a2b7fccabcf15c574e123bbb4a5a213f
  • SSDEEP: 12288:iMrGy90Jkt4pd1sGy0FCcWsXPMauuRBlEpM6:AyF4sGFFM0EpuRBKM6

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks