General

  • Target

    0e66fdb682463a2538564e82c5002fe1dea38e0e81ba4495938df22f91b0bce4N.exe

  • Size

    388KB

  • Sample

    241117-tc3jdstbqc

  • MD5

    6328e491c2d750621862aea720400270

  • SHA1

    d64edbcc8ee68a0f19559f7d851827931daecb0d

  • SHA256

    0e66fdb682463a2538564e82c5002fe1dea38e0e81ba4495938df22f91b0bce4

  • SHA512

    40a2926fb98bba696307a9029ee9970f948310388ee6b15e82dac158970d13fb274c7641911b058629142ea9a8e1dd413d7726a04a7f2e50d48917bb4e3b70a2

  • SSDEEP

    6144:Kty+bnr+3p0yN90QEfMWtKuJvB2+Dcmv+vdQ65HV7/7t+JacmcPBFP5LSmj6q:HMrvy90tMWt75ke+vd9JDt+85mBFd1

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks