General

  • Target

    261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114

  • Size

    534KB

  • Sample

    241112-za3dha1aqf

  • MD5

    660f1f541b900fff4a1d5a8dbab43b20

  • SHA1

    285938ef84bb1068f988d95c2fd2a62c8235abe0

  • SHA256

    261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114

  • SHA512

    05e3a221d5f77317a426ea42a408ffddd3130e89d46393366ea73993310826a2643e8a17515a1aa3aacd200f78b286f4c6e8a09bf27d746f9548b6bf435738d8

  • SSDEEP

    12288:0Mrfy90byM5cOx8EGSVcYOu6LmvbDaNc5jZC5B4UTR:LyicfiVcupTDqojsTR

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114

    • Size

      534KB

    • MD5

      660f1f541b900fff4a1d5a8dbab43b20

    • SHA1

      285938ef84bb1068f988d95c2fd2a62c8235abe0

    • SHA256

      261c49f0fa159dbdfe53d00786d7421348e79f88a6726a160c8a1ef04ab5c114

    • SHA512

      05e3a221d5f77317a426ea42a408ffddd3130e89d46393366ea73993310826a2643e8a17515a1aa3aacd200f78b286f4c6e8a09bf27d746f9548b6bf435738d8

    • SSDEEP

      12288:0Mrfy90byM5cOx8EGSVcYOu6LmvbDaNc5jZC5B4UTR:LyicfiVcupTDqojsTR

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks