General

  • Target

    26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175

  • Size

    406KB

  • Sample

    241112-zcbzbstpaj

  • MD5

    373bc978169a0f9bd9bccf256317fa9e

  • SHA1

    09d16cec007edd3b87cf930318974b8ba2c68303

  • SHA256

    26d2b12eccd33a04aab9b52a1e808aa25e063da4859e8051c7c768f35eb3f175

  • SHA512

    bb7c3bd29f1630e1bea2cfef8b269773c0f39cbdab0b1b54bcaa221aa7f9c08d0d82cad124ab2d113d2b68ed6a3d9921ba0f28c06c47a56f02ed04e5bb3589e8

  • SSDEEP

    12288:jMrHy90AMoF0ncoLNj77Iagg6MjbNvChjz1Qpih:0yZMFcONj77wg6MjbNvAj5Qpk

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks