General

  • Target

    2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1

  • Size

    1022KB

  • Sample

    241109-xvcbpszgkc

  • MD5

    7c5db2fe68654156418a70e1247a7085

  • SHA1

    ef71d3e74ac83a65cc8202490949512f517f91ff

  • SHA256

    2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1

  • SHA512

    4e45c9fbb6e4e930febbce43673a7f890803e029ac28f317ee47f0f7766e22734c3b350ffca44c2f0d85c03c4e579e4ee92564bdc13d2d21188acff17857c214

  • SSDEEP

    24576:5yQ3aTSpaoQn3NP/SlZgijl2qklQSnUwAmNu8j/oA0/p:sCaTSpXmp/SlD2zlhUwAW/oA

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Target

      2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1

    • Size

      1022KB

    • MD5

      7c5db2fe68654156418a70e1247a7085

    • SHA1

      ef71d3e74ac83a65cc8202490949512f517f91ff

    • SHA256

      2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1

    • SHA512

      4e45c9fbb6e4e930febbce43673a7f890803e029ac28f317ee47f0f7766e22734c3b350ffca44c2f0d85c03c4e579e4ee92564bdc13d2d21188acff17857c214

    • SSDEEP

      24576:5yQ3aTSpaoQn3NP/SlZgijl2qklQSnUwAmNu8j/oA0/p:sCaTSpXmp/SlD2zlhUwAW/oA

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
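As an added example (not code from the sandbox report or from the vendor that produced it), the following Python script turns the behavioural signatures above into host-triage logic: it walks Sysmon-style events and flags execution of a dropped EXE, tampering with Windows Defender Real-time Protection values, a Run-key persistence entry, and a connection to the extracted C2 193.233.20.23:4123. The event records, file paths, SID and the benign connection are constructed for the demonstration; the Defender value names are an assumption, since the report does not say which registry value the sample changed.

```python
"""Added example (not part of the sandbox report): triage constructed
Sysmon-style events for the behaviours and IOCs listed in the report.

Assumptions (not stated by the report): events are dicts carrying Sysmon
field names (EventID 1 = process create, 3 = network connect,
11 = file create, 13 = registry value set); the Defender value names below
are the Real-Time Protection policy values such a finding commonly involves.
"""
from typing import Dict, List, Set, Tuple

# IOCs copied from the report.
C2_IP = "193.233.20.23"
C2_PORT = "4123"
SAMPLE_SHA256 = "2fe1b1627c595f08caaddef5f8e776d81dd5136ab3f8e62746a309a7281601a1"

# Defender Real-Time Protection subkey and value names (assumed tamper targets).
DEFENDER_RTP_KEY = "\\windows defender\\real-time protection\\"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"

# Constructed events in time order; paths, SID and the benign connection are made up.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "1", "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "Hashes": "MD5=7c5db2fe68654156418a70e1247a7085,SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": "11", "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\healer.exe"},
    {"EventID": "1", "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\healer.exe",
     "ParentImage": "C:\\Users\\user\\Desktop\\sample.exe"},
    {"EventID": "13", "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\healer.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
                     "\\Real-Time Protection\\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": "13", "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\sample",
     "Details": "C:\\Users\\user\\AppData\\Roaming\\sample.exe"},
    {"EventID": "3", "Image": "C:\\Users\\user\\Desktop\\sample.exe",
     "DestinationIp": C2_IP, "DestinationPort": C2_PORT},
    {"EventID": "3", "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": "443"},  # benign, not flagged
]


def _hashes(field: str) -> Dict[str, str]:
    """Parse Sysmon's 'ALG=HEX,ALG=HEX' Hashes field into {ALG: lowercase hex}."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            alg, val = part.split("=", 1)
            out[alg.strip().upper()] = val.strip().lower()
    return out


def triage(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (signature, evidence) pairs named after the report's signatures."""
    findings: List[Tuple[str, str]] = []
    dropped: Set[str] = set()  # executables written to disk so far (lower-cased)
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == "11":
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped.add(target.lower())
        elif eid == "1":
            if _hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
                findings.append(("Known RedLine sample executed", image))
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            low = target.lower()
            value_name = low.rsplit("\\", 1)[-1]
            if DEFENDER_RTP_KEY in low and value_name in DEFENDER_RTP_VALUES:
                findings.append(("Modifies Windows Defender Real-time Protection settings",
                                 f"{target} = {ev.get('Details', '')}"))
            elif RUN_KEY in low:
                findings.append(("Adds Run key to start application",
                                 f"{target} -> {ev.get('Details', '')}"))
        elif eid == "3":
            if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
                findings.append(("RedLine C2 contact (botnet 'ramon')",
                                 f"{image} -> {C2_IP}:{C2_PORT}"))
    return findings


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_EVENTS):
        print(f"[{sig}] {evidence}")
```

The Defender match keys on the `\Windows Defender\Real-Time Protection\` subkey suffix, so it also catches writes under the non-policy `HKLM\SOFTWARE\Microsoft\Windows Defender\...` path. The dropped-EXE check depends on events being in time order (the file-create event must precede the process-create event), which is how Sysmon emits them; sort by timestamp first if your log source does not preserve order.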

MITRE ATT&CK Enterprise v15

Tasks