General

  • Target

    974c9ab0e4c45b6c18cece072dfa13bf9986a4545837edd32c9032ab9935de5e

  • Size

    388KB

  • Sample

    241117-jg4xxavdle

  • MD5

    d0a757f64aa64800b0200779e309053b

  • SHA1

    cdb88fbd3ecc6d48d12a273b620b52a8a51fd843

  • SHA256

    974c9ab0e4c45b6c18cece072dfa13bf9986a4545837edd32c9032ab9935de5e

  • SHA512

    b0f9cf93fec2b842b30d2e763cf92338638310da9e3bccea7dc459fa7fd887c74fd4dc113236f08463c9a422fdd79afa657bde8350df765d46c62a7400c0249a

  • SSDEEP

    12288:qMrJy90bOT8wNXn2KjfQoqBt2uw8+fLu:7yZ1ZnrQDex8yLu

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15