General

  • Target

    056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84

  • Size

    549KB

  • Sample

    241112-xze86ayhrb

  • MD5

    7c78c2716ed117d6547dafa5aa23750a

  • SHA1

    af74b34ebb5239547d5f0eddc44698ea0b45051e

  • SHA256

    056a850b2ae5c553667ce5404ca481562dc4c1341f397f7126df44c01b1e7f84

  • SHA512

    f846723a905a77be59a1e98dd3353ea98a6e8bc6e23dfafbff9e2c60091148e04640fa55dca983e8660ace5149c060ea99c689e7a1ca73d12dbd00ad5ed0c2e2

  • SSDEEP

    12288:uMrSy90JIR6gVBqGJMmAJhEhSejNjf2xl:Iy0KqGJUfEJjf0l

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
