General

  • Target

    9e9caaaed514af6ba9664b653a0509d5ef4e0cc1641efc74e4a0731c683990ac.exe

  • Size

    546KB

  • Sample

    241113-pdt67a1hjf

  • MD5

    c20b91105230b384798c27b64cd86e5e

  • SHA1

    9a180f5cb721c1eb1147d3df47846434084b20b7

  • SHA256

    9e9caaaed514af6ba9664b653a0509d5ef4e0cc1641efc74e4a0731c683990ac

  • SHA512

    f99596342f4dbc68574ceb289ac4af82352cbda71e6d3bd9ea75cddb3b24a96a8758f93db1f3933a0507e37c174de5fdab9d6b57bac19b99a0102faa0f4af745

  • SSDEEP

    12288:5Mrby90cusb6VAvGZAtv7wmikMM99g+4OFoc:SyXuXV5EiO9m+4OFoc

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks