General

  • Target

    0dacb24194eb1c21156bc8f5cfc44e269cabe7a870750a05c9b8ae0cdf5c6cd6

  • Size

    705KB

  • Sample

    241109-d8c1lszjfl

  • MD5

    5486aa75e21803839e0acd94a5085609

  • SHA1

    07de531e147822a0dd900ef12610d0ba579d9c61

  • SHA256

    0dacb24194eb1c21156bc8f5cfc44e269cabe7a870750a05c9b8ae0cdf5c6cd6

  • SHA512

    384648ad9f04c0e5613e318e4214a4bbea61fa57e0259f120e7a3415aa4929201d2aabb1609efb2854873e0b8da487bb87f125f62439f2864419a0bb5639899b

  • SSDEEP

    12288:/Mrjy90la0v42iOO6FmnU/OZ2ApL1aY6LGBhc068foyalJ+arNWBPCVZ:wyqaBJbnJYApT6kh5oyM1rNeqj

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
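The extracted config (C2 193.233.20.17:4139) and the behavioural signatures above (Defender real-time protection modified, dropped EXE executed, Run key added) are the indicators a responder would actually hunt for. The following is an added example, not part of the sandbox report, that turns them into detection logic over a constructed stream of simplified Sysmon-style events. The event schema, the event values and the host names are invented for the example; the Defender "Real-Time Protection" policy key and the CurrentVersion\Run key are the standard Windows locations for those settings, not paths observed in this particular run. It also flags the C2 host on a port other than the configured one at lower confidence, since RedLine operators commonly reuse a host across ports and builds.

```python
"""Match simplified Sysmon-style events against the indicators from the report.

Added example: the event format and sample events are constructed, not taken
from the sandbox run. Only the C2 endpoint and sample hash come from the report.
"""
from __future__ import annotations

import re

# Indicators copied from the report above.
C2_HOST, C2_PORT = "193.233.20.17", 4139
SAMPLE_SHA256 = "0dacb24194eb1c21156bc8f5cfc44e269cabe7a870750a05c9b8ae0cdf5c6cd6"

# Standard Defender real-time protection policy values (assumption: these are
# the usual targets of "Modifies Windows Defender Real-time Protection settings";
# the report does not list which value this sample touched).
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
DEFENDER_RTP_KEY_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\", re.I)


def _is_dword_one(data: object) -> bool:
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; accept a bare '1' too."""
    d = str(data).strip().lower()
    return d in ("1", "dword (0x00000001)")


def classify(event: dict) -> list[str]:
    """Return the list of indicator names an event matches (empty if benign)."""
    hits: list[str] = []
    kind = event.get("type")
    if kind == "registry_set":
        target = event.get("target", "")
        _key, _, value = target.rpartition("\\")
        if (DEFENDER_RTP_KEY_RE.search(target)
                and value in DEFENDER_RTP_VALUES
                and _is_dword_one(event.get("data"))):
            hits.append("defender_rtp_disabled")
        if RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
    elif kind == "network_connect":
        if event.get("dst_ip") == C2_HOST:
            if int(event.get("dst_port", 0)) == C2_PORT:
                hits.append("redline_c2")
            else:
                # Same host, different port: lower confidence, still worth a look.
                hits.append("c2_host_other_port")
    elif kind == "process_create":
        if str(event.get("sha256", "")).lower() == SAMPLE_SHA256:
            hits.append("known_sample_hash")
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Return (index, hits) for every event that matched at least one indicator."""
    results = []
    for i, ev in enumerate(events):
        hits = classify(ev)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample events (hypothetical host "victim"; not from the sandbox run).
EVENTS = [
    {"type": "registry_set",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "data": "DWORD (0x00000001)"},
    {"type": "registry_set",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\victim\AppData\Local\Temp\svc.exe"},
    {"type": "network_connect", "dst_ip": "193.233.20.17", "dst_port": 4139},
    {"type": "network_connect", "dst_ip": "193.233.20.17", "dst_port": 443},
    {"type": "process_create", "image": r"C:\Users\victim\Downloads\setup.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "registry_set",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for idx, hits in scan(EVENTS):
        print(f"event {idx}: {', '.join(hits)}")
```

The hash and C2 matches are exact and brittle: a rebuilt sample or a new C2 will miss them, which is why the registry-based rules (Defender policy tampering, Run key persistence) carry most of the durable value.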

MITRE ATT&CK Enterprise v15
