General

  • Target

    598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a.exe

  • Size

    537KB

  • Sample

    241113-ye2gbsxnaz

  • MD5

    62f6b7b818fd0118f624b1a4c45f57d1

  • SHA1

    2ad2ed3b0976096c8e64e4f08070c81bf4c07c55

  • SHA256

    598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a

  • SHA512

    b1a3abc832519b03d8e0c89b4680ebb53957d5874140fdb4cecbd96ef544d910afb41297d2220222c7009ced0aeaf986d60237787523a703c00012b54129a79f

  • SSDEEP

    12288:QMrby90M4uhV8fRN+ucZUjDH3wRyIQr554xqtENFaWLOP:by/4A4/GZsXwRG95AsP

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a.exe

    • Size

      537KB

    • MD5

      62f6b7b818fd0118f624b1a4c45f57d1

    • SHA1

      2ad2ed3b0976096c8e64e4f08070c81bf4c07c55

    • SHA256

      598766dcba57826ab28c32eef5c7aa965aa2caa887aa800ca37484038a907d1a

    • SHA512

      b1a3abc832519b03d8e0c89b4680ebb53957d5874140fdb4cecbd96ef544d910afb41297d2220222c7009ced0aeaf986d60237787523a703c00012b54129a79f

    • SSDEEP

      12288:QMrby90M4uhV8fRN+ucZUjDH3wRyIQr554xqtENFaWLOP:by/4A4/GZsXwRG95AsP

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks