General

  • Target

    8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059fN.exe

  • Size

    651KB

  • Sample

    241119-rlxy6axapb

  • MD5

    1d77e30d44293344767ee172b189e2a0

  • SHA1

    b4b43a0d69924cd5993dbe8818e613a99c37c811

  • SHA256

    8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059f

  • SHA512

    421e53095e0fe51dd7483699106dd17d1bc7ad147a1dd1ed546713a3d6dfa9e12fa723e6ed021b354b7b0a02f56780c5bc73dbd8abe0b62e1c06f697a9896363

  • SSDEEP

    12288:AMrIy90jb//HOJ3g7pTHaTBD3KEYmdikaft43o3:4y4bDHqBDBYmdWft430

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059fN.exe

    • Size

      651KB

    • MD5

      1d77e30d44293344767ee172b189e2a0

    • SHA1

      b4b43a0d69924cd5993dbe8818e613a99c37c811

    • SHA256

      8b941fe936ae374922c90d4a855082659c8f98b27456a0623ced965d86d0059f

    • SHA512

      421e53095e0fe51dd7483699106dd17d1bc7ad147a1dd1ed546713a3d6dfa9e12fa723e6ed021b354b7b0a02f56780c5bc73dbd8abe0b62e1c06f697a9896363

    • SSDEEP

      12288:AMrIy90jb//HOJ3g7pTHaTBD3KEYmdikaft43o3:4y4bDHqBDBYmdWft430

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks