General

  • Target

    efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b

  • Size

    706KB

  • Sample

    241109-fyw2va1naj

  • MD5

    842ff338f9e1dc398ab2e02f7bb41d58

  • SHA1

    abdf1651dd1e29f34b059f2ecfcd6866eb8aadb6

  • SHA256

    efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b

  • SHA512

    b4b4b1f4ef59cad8eb3132529d2965f50901e1a112d9e4ee53346a4232e156affc77975508421702350a479d327bec14683d9e27c70fd85018979ec9ba3348af

  • SSDEEP

    12288:sMrSy90rS+AsSZ+EjYQobeeMQoQjJvjaMH/oBUgfhMC7j9m51FvoX1eb:2yJ+L6bYjMQnjBjT/oagWCE5vvoX1C

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b

    • Size

      706KB

    • MD5

      842ff338f9e1dc398ab2e02f7bb41d58

    • SHA1

      abdf1651dd1e29f34b059f2ecfcd6866eb8aadb6

    • SHA256

      efadfecc609247dc365b006d0d00f01852aec06a25d775936fcd36f51542e90b

    • SHA512

      b4b4b1f4ef59cad8eb3132529d2965f50901e1a112d9e4ee53346a4232e156affc77975508421702350a479d327bec14683d9e27c70fd85018979ec9ba3348af

    • SSDEEP

      12288:sMrSy90rS+AsSZ+EjYQobeeMQoQjJvjaMH/oBUgfhMC7j9m51FvoX1eb:2yJ+L6bYjMQnjBjT/oagWCE5vvoX1C

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks