General

  • Target

    f70edcf9774ae4c240fbce16ec49276811f8fe3ca2d1f79432919a2b47d4f796N.exe

  • Size

    522KB

  • Sample

    241113-ysws1axpfw

  • MD5

    f2f6fd0fca3cbd7608276f4d4fd2cad0

  • SHA1

    41f4e5ade9e0f12882f6a5978999188f2f0d38d9

  • SHA256

    71b40e128468dd91ebeaf28394268c09683998672c84a87368b514d434363505

  • SHA512

    04b5c2614f96a841bdb44c8120e98b533d95d4e8cf1aca00b2d53e9518c4db0c93ceaefbce216c7ce14ae60096d9a825678a3851dff80a4ba0979ee0833e1373

  • SSDEEP

    12288:LMrly905fkHiIz1+3yktHGJ6qeCmKxTOdhR4qh1aXj2:eycfk/zXktHGJ6qeCxOdNTUj2

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      f70edcf9774ae4c240fbce16ec49276811f8fe3ca2d1f79432919a2b47d4f796N.exe

    • Size

      522KB

    • MD5

      f2f6fd0fca3cbd7608276f4d4fd2cad0

    • SHA1

      41f4e5ade9e0f12882f6a5978999188f2f0d38d9

    • SHA256

      71b40e128468dd91ebeaf28394268c09683998672c84a87368b514d434363505

    • SHA512

      04b5c2614f96a841bdb44c8120e98b533d95d4e8cf1aca00b2d53e9518c4db0c93ceaefbce216c7ce14ae60096d9a825678a3851dff80a4ba0979ee0833e1373

    • SSDEEP

      12288:LMrly905fkHiIz1+3yktHGJ6qeCmKxTOdhR4qh1aXj2:eycfk/zXktHGJ6qeCxOdNTUj2

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks