General

  • Target

    a05a7bf12afa7e003a3fa5229b917d93f6bfe3f06e581a560a75d67297c9df61N.exe

  • Size

    517KB

  • Sample

    241112-yyg7sszgme

  • MD5

    32bd32c2e5eea123b4a622660c2dd2f0

  • SHA1

    06e11fc8e3190659ed3f756170d040903adac45a

  • SHA256

    a05a7bf12afa7e003a3fa5229b917d93f6bfe3f06e581a560a75d67297c9df61

  • SHA512

    73e4a7da681fc4fc4ee4cd54f99f6ee56fbc89b2f090a36181cfcb81549e872a8796d0ccb84d955d49969440827f0b0df363f17214ba39ae30d7cb25013cde27

  • SSDEEP

    12288:WMrpy90mM9Kj4e9TKtj0pCiXgxipazO7ix:nyVM9HANpCiXBpaK7u

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks