General

  • Target

    6092440d1b29095c5057d5b4115537c21c599f7996448e35fff994cfaded4adfN.exe

  • Size

    541KB

  • Sample

    241113-pdgabsvmhk

  • MD5

    4ae410cda59b613f7d22cf9dc3aac950

  • SHA1

    b414ceb4b059ad6f67a1e33a13173575902ccf28

  • SHA256

    6092440d1b29095c5057d5b4115537c21c599f7996448e35fff994cfaded4adf

  • SHA512

    2201e3bbd83d8b25e243bf4431eb4ec40f3855280e032f4eb4eefffb0106b11667e7559bea0776ceaa178f2abd2ede0d835b4c35de2a44f78ab534dc32ca35fc

  • SSDEEP

    12288:QMrky90xgUb26Z/3TTnbB0Mkk+KouDo6J1:ky83b2yThkk+CbJ1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks