General

  • Target

    ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208

  • Size

    405KB

  • Sample

    241115-bm9fksvrex

  • MD5

    b8507cd8218043fe5338ba7823a5ea17

  • SHA1

    577beff9c09af69271919c89b4e9ea75e6f62cdb

  • SHA256

    ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208

  • SHA512

    85dc36d51fd9747b5e0659733249cdf7bf374d9337ea4cfe4c763ab576d44b9c601ffd5866ec6bf8a7626c463b8d88dc45ad8f5b9d797ee576b11f046005dfc7

  • SSDEEP

    6144:Kvy+bnr+vp0yN90QEXsGMfnkv++ZekjMH/DmggUUP5eRfpGiP90/cK8:ZMr/y90RsGS5cedaggUMCcQO/p8

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208

    • Size

      405KB

    • MD5

      b8507cd8218043fe5338ba7823a5ea17

    • SHA1

      577beff9c09af69271919c89b4e9ea75e6f62cdb

    • SHA256

      ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208

    • SHA512

      85dc36d51fd9747b5e0659733249cdf7bf374d9337ea4cfe4c763ab576d44b9c601ffd5866ec6bf8a7626c463b8d88dc45ad8f5b9d797ee576b11f046005dfc7

    • SSDEEP

      6144:Kvy+bnr+vp0yN90QEXsGMfnkv++ZekjMH/DmggUUP5eRfpGiP90/cK8:ZMr/y90RsGS5cedaggUMCcQO/p8

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
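The behaviour signatures and indicators above, turned into detection logic run over constructed Sysmon-style events, as an added example that is not part of the sandbox report. The event records are invented; the field names follow Sysmon's (EventID 1 ProcessCreate, 3 NetworkConnect, 11 FileCreate, 13 RegistryEvent); the Defender "Real-Time Protection" policy key and the per-user Run key are the well-known registry locations and are assumed here to be what the two registry signatures correspond to. The C2 tuple and SHA256 are the ones reported on this page.

```python
"""Detection logic for the behaviours this report lists, run over constructed
Sysmon-style events.  Added example: the events are invented for illustration
and are not from the sandbox run; the registry paths are the well-known
Defender policy and Run key locations, assumed to be what the report's
signatures look for."""

import re

# Indicators copied from the report.
C2_HOST, C2_PORT = "176.113.115.145", 4125
SAMPLE_SHA256 = "ac3df7e5eb213bb73a51c70c61ad7f5747b3ba5d2df7c8a82eae3e7e18674208"

# Registry locations behind the two registry signatures (assumed).
DEFENDER_RTP_KEY = "\\policies\\microsoft\\windows defender\\real-time protection\\"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Plain Run key only; RunOnce is deliberately not matched.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\[^\\]+$", re.I)


def parse_hashes(field):
    """'SHA256=AB..,MD5=CD..' -> {'SHA256': 'ab..', 'MD5': 'cd..'} (values lowercased)."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().upper()] = val.strip().lower()
    return out


def classify(ev, dropped):
    """Return the report-style signature names a single event matches.

    `dropped` is the set of file paths written so far in the event stream; it is
    updated here so that a later ProcessCreate of one of those paths is flagged
    as "Executes dropped EXE".
    """
    hits = []
    eid = ev["EventID"]
    if eid == 11:  # FileCreate: remember what the sample wrote to disk
        dropped.add(ev["TargetFilename"].lower())
    elif eid == 1:  # ProcessCreate
        if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
            hits.append("RedLine payload")
        if ev["Image"].lower() in dropped:
            hits.append("Executes dropped EXE")
    elif eid == 13:  # RegistryEvent (value set)
        target = ev["TargetObject"].lower()
        value_name = target.rsplit("\\", 1)[-1]
        if (DEFENDER_RTP_KEY in target and value_name in DEFENDER_RTP_VALUES
                and ev.get("Details", "").startswith("DWORD (0x00000001)")):
            hits.append("Modifies Windows Defender Real-time Protection settings")
        if RUN_KEY_RE.search(target):
            hits.append("Adds Run key to start application")
    elif eid == 3:  # NetworkConnect
        if ev["DestinationIp"] == C2_HOST and int(ev["DestinationPort"]) == C2_PORT:
            hits.append("RedLine C2 connection")
    return hits


def triage(events):
    """Walk events in order; return {signature: [RecordId, ...]}."""
    findings = {}
    dropped = set()
    for ev in events:
        for sig in classify(ev, dropped):
            findings.setdefault(sig, []).append(ev["RecordId"])
    return findings


# Constructed event stream (not sandbox output), in chronological order.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 1, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper()},
    {"RecordId": 2, "EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"RecordId": 3, "EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "Hashes": "SHA256=" + "0" * 64},
    {"RecordId": 4, "EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"RecordId": 5, "EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
     "Details": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"RecordId": 6, "EventID": 3, "DestinationIp": "176.113.115.145", "DestinationPort": "4125"},
    {"RecordId": 7, "EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": "53"},  # benign noise
]

if __name__ == "__main__":
    for sig, ids in triage(SAMPLE_EVENTS).items():
        print(f"{sig}: records {ids}")
```

The correlation in `triage` is the part worth copying: "Executes dropped EXE" is only meaningful when the executed image was written earlier in the same stream, so the FileCreate events are tracked before ProcessCreate is judged. The Defender check requires the value to be set to 1; a reset to 0 by an administrator must not fire.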

MITRE ATT&CK Enterprise v15

Tasks