General

  • Target

    b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351

  • Size

    705KB

  • Sample

    241109-xvszfszgpj

  • MD5

    9109b9c6f087185fadfb40daf2ae37ac

  • SHA1

    f2d14f8d362c4c6ec2774a6b878004fb9ca5e989

  • SHA256

    b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351

  • SHA512

    ee89efc3c0ef5a3c2e2f642793ec1b02334ce4b9eba815ff8b804d1494134d3034a06682d3c243da198764477890d313cf46e162c0867b0be04a0fb848432480

  • SSDEEP

    12288:wMr2y90bvuEVHSI18DhEIj7TJtecrwXYDwjSlu1HWYB3aoHpUT:WyEvpHRQJtec8ojeHHB3rUT

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351

    • Size

      705KB

    • MD5

      9109b9c6f087185fadfb40daf2ae37ac

    • SHA1

      f2d14f8d362c4c6ec2774a6b878004fb9ca5e989

    • SHA256

      b0b89f413997e7ba9aff87064a0c20a6578b0d5f6c9d8424cf3daa63f61d1351

    • SHA512

      ee89efc3c0ef5a3c2e2f642793ec1b02334ce4b9eba815ff8b804d1494134d3034a06682d3c243da198764477890d313cf46e162c0867b0be04a0fb848432480

    • SSDEEP

      12288:wMr2y90bvuEVHSI18DhEIj7TJtecrwXYDwjSlu1HWYB3aoHpUT:WyEvpHRQJtec8ojeHHB3rUT

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks