General

  • Target

    3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060

  • Size

    1.0MB

  • Sample

    241109-g5hcpszbmj

  • MD5

    c3ac4703e04c97a4573e1758a0694a92

  • SHA1

    7ef52bc69632d22c7cb3850fdad5873ac42ea8d6

  • SHA256

    3f9b4d06877f2941944fb478833a195a4728b6cdda016dbc899757acdccbf060

  • SHA512

    3b14b95ad861d9800ad4306dde09fff4fab488b9bb1dede718c69c72434a9def5e1f8b50a17097d83b550b6e5c4a792d07d170277758f054ca2b5f7f513733f3

  • SSDEEP

    24576:FyrJCX6A6I1W1I9jEuybh/kBxCRvfHsCkKq/dOX:grJCz6I1WM7yb9ixivfH7kKq/d

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks