General

  • Target

    3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95aN.exe

  • Size

    536KB

  • Sample

    241216-jyqfva1qcw

  • MD5

    7e896c54db3618d1e0139bd0a0c6f4d0

  • SHA1

    9d8d03dfe95bdf3b1d8bc419220ad787b0dabfe8

  • SHA256

    3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95a

  • SHA512

    01c272d483b54aee1ec98a82092d68eecfcb93150d4a5b2f6b80331524fb8d825f960b002ec5506ebc1994f83697dc48f1526d233a278d01b5054a11cbb227e2

  • SSDEEP

    12288:6MrXy905KzzO8KWrseWluoNdzfg4ZLDbqkrQEfJhcwN:pyCK/fhd8BNdxZHbX/N

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95aN.exe

    • Size

      536KB

    • MD5

      7e896c54db3618d1e0139bd0a0c6f4d0

    • SHA1

      9d8d03dfe95bdf3b1d8bc419220ad787b0dabfe8

    • SHA256

      3ee13696244a657d1c49765ff52299f7823b03383eda0e664bafd7651ac2f95a

    • SHA512

      01c272d483b54aee1ec98a82092d68eecfcb93150d4a5b2f6b80331524fb8d825f960b002ec5506ebc1994f83697dc48f1526d233a278d01b5054a11cbb227e2

    • SSDEEP

      12288:6MrXy905KzzO8KWrseWluoNdzfg4ZLDbqkrQEfJhcwN:pyCK/fhd8BNdxZHbX/N

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
