General

  • Target

    aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555

  • Size

    994KB

  • Sample

    241115-brlkbawfmb

  • MD5

    8fbc8e91fc496b5ed159ba7552e00079

  • SHA1

    0c0c856fbfd7e8f66e27b8d0f7d781ef9dbb2efc

  • SHA256

    aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555

  • SHA512

    d5af39648ef779e484557995daf142f3ea373b0a5228a0da927fb747729ee597dee249a64b3772215f314cc0906ab7e1fbfe0b894148cebd6444791d73c71a4f

  • SSDEEP

    24576:XyuYEoE2XI+Hb3F5m/e8XfnXrdS3vxEGG4ePVe5+k+Vt+Whr:iurIX3bzqXPgKGG4eM5+k7

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes
  • auth_value

    1b1735bcfc122c708eae27ca352568de
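
The extracted config above gives a single C2 endpoint and the General section gives three file hashes. Turning them into something you can run over telemetry is the usual next step, so here is an added example (not part of the sandbox report and not tool output) that copies those indicators verbatim, validates them, and matches them against a few constructed firewall log lines and a constructed file inventory. The log format (`src= dst= dport=`), the inventory tuples and the timestamps are assumptions for the demonstration; only the IP, port and hashes come from the report.

```python
"""Turn the RedLine C2 and file hashes from the sandbox report into a
small IOC matcher and run it over constructed sample telemetry."""
import ipaddress
import re

# Indicators copied from the report above.
C2 = "193.56.146.11:4162"
HASHES = {
    "md5": "8fbc8e91fc496b5ed159ba7552e00079",
    "sha1": "0c0c856fbfd7e8f66e27b8d0f7d781ef9dbb2efc",
    "sha256": "aeef4ac14ee2c5e9908e8ebc5853afe4d7b9542fee9d2c1dfd89770d08dca555",
}

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def parse_c2(value):
    """Split 'ip:port' into (ip, port) and validate both halves so a
    mangled indicator fails loudly instead of never matching."""
    host, _, port = value.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError if not an IP literal
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port


def normalize_hashes(hashes):
    """Lower-case each digest and check its length for the algorithm."""
    out = {}
    for algo, digest in hashes.items():
        digest = digest.strip().lower()
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], digest):
            raise ValueError(f"{algo} value has the wrong format: {digest}")
        out[algo] = digest
    return out


# Constructed firewall log lines (assumed key=value format, not from the
# report). The third line reaches the C2 host on a different port.
FW_LOG = [
    "2024-11-15T10:01:02Z src=10.0.0.5 dst=142.250.74.78 dport=443 proto=tcp",
    "2024-11-15T10:02:11Z src=10.0.0.5 dst=193.56.146.11 dport=4162 proto=tcp",
    "2024-11-15T10:03:40Z src=10.0.0.9 dst=193.56.146.11 dport=80 proto=tcp",
]

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def match_connections(lines, c2):
    """Return (src, dst, dport, confidence) for every line whose destination
    is the C2 host. An exact ip:port hit is 'high'; the same host on another
    port is 'medium', because stealer C2 ports change between builds."""
    ip, port = parse_c2(c2)
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dst"] != ip:
            continue
        dport = int(m["dport"])
        hits.append((m["src"], m["dst"], dport, "high" if dport == port else "medium"))
    return hits


# Constructed file inventory (path, algorithm, digest). The first digest is
# upper-cased on purpose to show why normalisation matters.
INVENTORY = [
    ("C:\\Users\\bob\\Downloads\\setup.exe", "sha256", HASHES["sha256"].upper()),
    ("C:\\Windows\\System32\\notepad.exe", "sha256", "0" * 64),
    ("C:\\Users\\bob\\AppData\\Local\\Temp\\x.tmp", "md5", "8fbc8e91fc496b5ed159ba7552e00079"),
]


def match_hashes(inventory, hashes):
    """Return (path, algorithm) for inventory rows matching a known digest."""
    known = normalize_hashes(hashes)
    return [(path, algo) for path, algo, digest in inventory
            if known.get(algo) == digest.strip().lower()]


if __name__ == "__main__":
    for hit in match_connections(FW_LOG, C2):
        print("C2 connection:", hit)
    for hit in match_hashes(INVENTORY, HASHES):
        print("Known sample on disk:", hit)
```

Both indicator types are brittle on their own: the hashes identify this build only, and RedLine operators rotate C2 hosts and ports, which is why the matcher grades a same-host, different-port connection as a weaker hit rather than discarding it. Pair them with the behavioural signatures listed under Targets (Defender setting changes, Run key persistence) for detection that survives a rebuild.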

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks