General

  • Target

    5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061

  • Size

    1.0MB

  • Sample

    241110-d1sq4aydpj

  • MD5

    14ebe138736fe05d3a106d4f99172f71

  • SHA1

    cab6b12627678b5594061cae4a9e70ea13cad490

  • SHA256

    5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061

  • SHA512

    6069706f9c0640063a6a91f0a551c6d54ab5bee3b7d70f22a985bfe9e86a75f0737464c277664328ddc8d84339c5b77c0a6925285bad1951d9cdbb02907d0427

  • SSDEEP

    24576:+yx0q/zgW+6+HuRRJeqPkcDc/Gl3T/3B:N5+c/P8+

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40
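The extracted config above is only useful once it is turned into something that can be checked against traffic. The following is an added example, not part of the sandbox report: it takes the C2 value (193.233.20.23:4123), the botnet name and the auth_value as extracted, parses the C2 entry into a literal ip:port indicator, and hunts for it in Zeek-style conn.log rows. The conn.log lines are constructed for the demonstration; the uids, internal hosts and the second responder address (TEST-NET range) are not from the analysis run.

```python
"""Hunt for the extracted RedLine C2 in Zeek conn.log rows.

Added example, not from the sandbox report. Config values are copied from
the report; the log excerpt at the bottom is constructed.
"""
import ipaddress
from typing import Iterable, NamedTuple

# Values as extracted in the report (family / botnet / C2 / auth_value).
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "ramon",
    "c2": ["193.233.20.23:4123"],
    "auth_value": "3197576965d9513f115338c233015b40",
}


class C2Indicator(NamedTuple):
    ip: str
    port: int


def parse_c2(entries: Iterable[str]) -> list[C2Indicator]:
    """Parse 'ip:port' strings into indicators.

    Only literal IP addresses are accepted. A hostname would need DNS
    resolution at hunt time, so it is rejected here instead of silently
    becoming an indicator that never matches anything.
    """
    result = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed c2 entry: {entry!r}")
        host = host.strip("[]")          # tolerate the [v6]:port form
        ipaddress.ip_address(host)       # raises ValueError for non-IP hosts
        result.append(C2Indicator(host, int(port)))
    return result


def scan_conn_log(lines: Iterable[str],
                  indicators: Iterable[C2Indicator]) -> list[tuple[str, str]]:
    """Match conn.log rows against the C2 indicators.

    Expected Zeek column order: ts uid id.orig_h id.orig_p id.resp_h
    id.resp_p proto ...  Returns (verdict, uid) pairs:
      'c2'       exact responder ip:port match
      'c2-host'  same responder IP on another port; review manually
    """
    exact = {(i.ip, i.port) for i in indicators}
    hosts = {i.ip for i in indicators}
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue                     # header / comment rows
        cols = line.rstrip("\n").split("\t")
        if len(cols) < 7:
            continue                     # truncated or garbled row
        uid, resp_h, resp_p = cols[1], cols[4], cols[5]
        try:
            resp_port = int(resp_p)
        except ValueError:
            continue
        if (resp_h, resp_port) in exact:
            hits.append(("c2", uid))
        elif resp_h in hosts:
            hits.append(("c2-host", uid))
    return hits


# Constructed conn.log excerpt for the demonstration (not from the report).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1731200000.1\tCabc01\t10.0.0.5\t51122\t193.233.20.23\t4123\ttcp\t-
1731200001.2\tCabc02\t10.0.0.5\t51123\t203.0.113.10\t443\ttcp\tssl
1731200002.3\tCabc03\t10.0.0.9\t51200\t193.233.20.23\t80\ttcp\thttp
1731200003.4\tCabc04\t10.0.0.7\t51300\t198.51.100.7\t4123\ttcp\t-
"""


def hunt(config=REDLINE_CONFIG, log_text=SAMPLE_CONN_LOG):
    """Run the scan with the report's config over the constructed log."""
    return scan_conn_log(log_text.splitlines(), parse_c2(config["c2"]))


if __name__ == "__main__":
    for verdict, uid in hunt():
        print(f"{verdict:8} {uid}")
```

The port-only near miss (same IP, port 80) is reported separately rather than dropped: a port match on the exact C2 is the strong signal, but any contact with the C2 host is worth a look before the session is closed out.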

Targets

    • Target

      5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061

    • Size

      1.0MB

    • MD5

      14ebe138736fe05d3a106d4f99172f71

    • SHA1

      cab6b12627678b5594061cae4a9e70ea13cad490

    • SHA256

      5335dc09cc8602258c3882d2251d60b26022b0610ccc0f7bb4b96b73ca142061

    • SHA512

      6069706f9c0640063a6a91f0a551c6d54ab5bee3b7d70f22a985bfe9e86a75f0737464c277664328ddc8d84339c5b77c0a6925285bad1951d9cdbb02907d0427

    • SSDEEP

      24576:+yx0q/zgW+6+HuRRJeqPkcDc/Gl3T/3B:N5+c/P8+

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
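The signature list above names three behaviours that are cheap to detect on an endpoint: Windows Defender real-time protection being switched off, a Run key being added, and a freshly dropped EXE being executed. The block below is an added example, not part of the sandbox report, that implements those three checks over Sysmon-shaped events (ID 11 FileCreate, ID 1 ProcessCreate, ID 13 RegistryEvent value set). The Defender policy value names are the documented Real-Time Protection policy settings; the events themselves, including the file names, SID and paths, are constructed for the demonstration and are not taken from this report's analysis run.

```python
"""Detection logic for the behaviours in the signature list:
Defender real-time protection tampering, Run-key persistence and
execution of a dropped EXE.

Added example, not from the sandbox report. Events are modelled on
Sysmon IDs 11 / 1 / 13 and are constructed, not observed.
"""
import re
from typing import Iterable

# Policy subkey and values that disable Windows Defender real-time
# protection when set to DWORD 1 (compared lower-cased).
DEFENDER_RTP_KEY = (
    "\\software\\policies\\microsoft\\windows defender\\real-time protection\\"
)
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disableioavprotection",
    "disablescanonrealtimeenable",
}
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\[^\\]+$")
USER_WRITABLE_RE = re.compile(
    r"\\(appdata|temp|programdata|users\\public)\\", re.IGNORECASE)
DWORD_ONE_RE = re.compile(r"DWORD \(0x0*1\)")


def detect(events: Iterable[dict]) -> list[tuple[str, str]]:
    """Return (rule, evidence) pairs in event order.

    Stateful: .exe paths seen in FileCreate events are remembered so a
    later ProcessCreate of the same path fires 'dropped-exe-executed'.
    """
    dropped: set[str] = set()
    alerts: list[tuple[str, str]] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            path = ev.get("TargetFilename", "")
            if path.lower().endswith(".exe"):
                dropped.add(path.lower())
        elif eid == 1:
            image = ev.get("Image", "")
            if image.lower() in dropped:
                alerts.append(("dropped-exe-executed", image))
        elif eid == 13:
            target = ev.get("TargetObject", "")
            low = target.lower()
            details = ev.get("Details", "")
            if DEFENDER_RTP_KEY in low:
                value = low.rsplit("\\", 1)[-1]
                # Only a value of 1 disables protection; writes of 0 are
                # policy refreshes and must not alert.
                if value in DEFENDER_RTP_VALUES and DWORD_ONE_RE.search(details):
                    alerts.append(("defender-rtp-disabled", target))
            elif RUN_KEY_RE.search(low):
                # Run-key writes are routine for installers; escalate when
                # the command points into a user-writable directory.
                rule = ("run-key-user-writable" if USER_WRITABLE_RE.search(details)
                        else "run-key-added")
                alerts.append((rule, f"{target} -> {details}"))
    return alerts


# Constructed event stream (Sysmon-shaped, not from the report).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Windows"
                     r"\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    # Benign control: installer registering a tray app under Program Files.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    # Benign control: policy refresh writing 0 to the same Defender value.
    {"EventID": 13, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]


def run(events=SAMPLE_EVENTS):
    """Evaluate the rules over the constructed stream."""
    return detect(events)


if __name__ == "__main__":
    for rule, evidence in run():
        print(f"{rule:24} {evidence}")
```

The two benign controls matter more than the positive cases: a Run-key rule that fires on every installer, or a Defender rule that fires on a policy refresh writing 0, gets tuned out within a week and stops catching the real thing.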

MITRE ATT&CK Enterprise v15

Tasks