General

  • Target

    0fa25170b5f9df8ca97080f3348a234a3a220768c051f582118374dbd21efac1

  • Size

    1.0MB

  • Sample

    241109-1gx8sssjdy

  • MD5

    68eb20fea33bfcdac49e48e389271f7d

  • SHA1

    11074c5fb379f407e686c9881eb05ef762a8838f

  • SHA256

    0fa25170b5f9df8ca97080f3348a234a3a220768c051f582118374dbd21efac1

  • SHA512

    4fd07d943c5829160327936d96a7c6b74f473bebe0f26bba475d382e925cad19af470479515c6f6e9e8af8e97d01bf3b94346a5635f84b475b3e96b2ae3757c8

  • SSDEEP

    24576:Pyu8KpJ1pPQTWwSDHR9+mHQLcPHVPCdgwlA30MkObpMCIr89Xj2jk:au8Kp7p4T1Sx4ms8HVClAQObpMCXt4

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15