General

  • Target

    8386ce86cf395ec988ace4506933f88ad9bc74c852aae8c9e2bcebc64de2f99e

  • Size

    517KB

  • Sample

    241114-3qh7caynbk

  • MD5

    6e2ba91a2c7fe681a0b867cb3136a0a9

  • SHA1

    d613afa30f6089b4f4c9c8f7649e5ceca6b4c0fa

  • SHA256

    8386ce86cf395ec988ace4506933f88ad9bc74c852aae8c9e2bcebc64de2f99e

  • SHA512

    35d3d791a8daf0d3139e459c1aabc569c169886f330403190e13dd0caef6b21f87840eaab547b71c1d2bf4dcedf09e8f655be6172405be4391e095284829ed3d

  • SSDEEP

    12288:5Mrfy90lBxagVVll3lr39sCymyjUfXJeKjbQoqBiZe3u:CyWBLVV/3J39sAxXQDFe

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
