General

  • Target

    963dec08f327613e7e046a67a5157dfe282e13771952192ef4c74ca1975cf2ff

  • Size

    531KB

  • Sample

    241117-jfss9avenj

  • MD5

    6dfe66f563b1341a2ea2e9ce23d7b85d

  • SHA1

    2ee88e275e52ba5977ea94a9b45836eb2569ed5e

  • SHA256

    963dec08f327613e7e046a67a5157dfe282e13771952192ef4c74ca1975cf2ff

  • SHA512

    61f98bdff8ff56d993e6044903d06ec32db1c9cb723459217f32c4800dbb599499ac239fd47802ea7c8cf17deb9b15c41b2d9810487a1aa9e0da3c4bebafa7ce

  • SSDEEP

    12288:9Mrny90KTQblo3wG1bpMx90pSzobuWNU6nuy:eyj3/1buuSzgu2Tv

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks