General

  • Target

    57894dc585c12b582e6dfa1116fa65b16ed1f85819d26a224fd1202c1c915f4b

  • Size

    1.0MB

  • Sample

    241110-b6e13szlbj

  • MD5

    a59f74335dba2ee3784a912fb95c99ad

  • SHA1

    390606afc93c98c64584780673cd0d63911aff3a

  • SHA256

    57894dc585c12b582e6dfa1116fa65b16ed1f85819d26a224fd1202c1c915f4b

  • SHA512

    c52e229dbf9aa290e6729da3d7f71550d772b54e90c62883e73b1c21f2f7fceab9c7860b27c4fdf193b314aeb1223694015e9e78cfdce710beeb845a6f7e4690

  • SSDEEP

    24576:gyAPTegi+wo5VsOapuol7vAjg6OAL67MhxSWA8:nAPyg/wQVvIhSapH

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks