General

  • Target

    2f48929986848f25f0c2b6d4a17ac8dc6c7db316ff006e905a01a99f087fd0c3

  • Size

    528KB

  • Sample

    241110-dztl1a1qfn

  • MD5

    a14b8cacfb9be24aa9e7fcad093589ca

  • SHA1

    35994ac8ff8d46b17dd483a3b9d45fa43d929c6f

  • SHA256

    2f48929986848f25f0c2b6d4a17ac8dc6c7db316ff006e905a01a99f087fd0c3

  • SHA512

    8745752b850ae6c6c115b7c6c3a1c5f8cf2cc0f117a3878a6490f37a0c1f89a7c2669a2b5fa30ad2473faa629fac30901c5763980bce00ab70f5285826ac04b6

  • SSDEEP

    12288:zMrvy90Diw16NAvhgipKNqZyxj1y0V2Flq:gyjNAo1yLFlq

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes
  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c
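
The hashes and the C2 endpoint above are the indicators an analyst takes away from this report. The following is an added example, not part of the sandbox report or its tooling: it bundles those indicators, verifies a local file against the listed digests (all four in one pass), hunts a connection log for the C2 and emits a Suricata rule for it. The connection records and the local-range sid are constructed for illustration; the record layout (ts src sport dst dport proto) is a simplification, not any tool's native format.

```python
"""IOCs from the sandbox report above, with file and network matching (added example)."""
import hashlib
from dataclasses import dataclass
from typing import Iterable, List

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "a14b8cacfb9be24aa9e7fcad093589ca",
    "sha1": "35994ac8ff8d46b17dd483a3b9d45fa43d929c6f",
    "sha256": "2f48929986848f25f0c2b6d4a17ac8dc6c7db316ff006e905a01a99f087fd0c3",
    "sha512": "8745752b850ae6c6c115b7c6c3a1c5f8cf2cc0f117a3878a6490f37a0c1f89a7c2669a2b5fa30ad2473faa629fac30901c5763980bce00ab70f5285826ac04b6",
}
C2_HOST, C2_PORT = "193.233.20.17", 4139
BOTNET = "ronam"
AUTH_VALUE = "125421d19d14dd7fd211bc7f6d4aea6c"  # RedLine config field from the report


def hash_chunks(chunks: Iterable[bytes]) -> dict:
    """Compute all four report digests in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(chunk_size), b""))


def matches_report(digests: dict) -> bool:
    """True only when every digest we have agrees with the report.
    One disagreeing digest means a different file, however many others match."""
    shared = set(digests) & set(REPORT_HASHES)
    return bool(shared) and all(digests[k].lower() == REPORT_HASHES[k] for k in shared)


@dataclass
class Hit:
    line_no: int
    src: str
    dst: str
    dport: int
    verdict: str  # "c2_match" (IP and port) or "c2_ip_other_port" (IP only)


def hunt_connections(lines: Iterable[str]) -> List[Hit]:
    """Scan connection records of the form: ts src sport dst dport proto.
    A connection to the C2 IP on another port is still reported, at lower confidence."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 6:
            continue  # blank or malformed record
        _ts, src, _sport, dst, dport, _proto = parts[:6]
        if dst != C2_HOST:
            continue
        try:
            port = int(dport)
        except ValueError:
            continue
        verdict = "c2_match" if port == C2_PORT else "c2_ip_other_port"
        hits.append(Hit(n, src, dst, port, verdict))
    return hits


def suricata_rule(sid: int = 9000001) -> str:
    """Alert rule for the C2 endpoint; the sid is in the local-use range and is an assumption."""
    return (
        f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
        f'(msg:"RedLine C2 (botnet {BOTNET}) from sandbox report"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


# Constructed connection records; 203.0.113.10 is a documentation-range address.
SAMPLE_CONN_LOG = """\
2024-11-10T12:00:01Z 10.0.0.15 49812 193.233.20.17 4139 tcp
2024-11-10T12:00:02Z 10.0.0.15 49813 203.0.113.10 443 tcp
2024-11-10T12:05:44Z 10.0.0.22 51020 193.233.20.17 80 tcp
""".splitlines()

if __name__ == "__main__":
    for hit in hunt_connections(SAMPLE_CONN_LOG):
        print(hit)
    print(suricata_rule())
```

Before analysing a copy of the sample, run `matches_report(hash_file(path))`: a partial match (say, MD5 agrees but SHA256 does not) is treated as a different file, which is the right default when one of the digests was copied by hand.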

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
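
Three of the behaviours flagged above (modification of Windows Defender Real-time Protection settings, a Run key for persistence, execution of a dropped EXE) map directly onto Sysmon event types. The block below is an added example, not code from the report or the sandbox: it runs detection logic over constructed Sysmon-style records (EventID 11 file create, EventID 1 process create, EventID 13 registry value set) and correlates the file-create and process-create events to catch the dropped-EXE execution. The file paths, user SID and Run value name are constructed; the Defender value names are the real policy value names.

```python
"""Detection logic for the host behaviours in the report above (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Real Defender Real-time Protection value names that a disabler sets to 1.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring", "disableonaccessprotection",
    "disablescanonrealtimeenable", "disableioavprotection",
}
# Matches both the policy path (...\Policies\Microsoft\Windows Defender\...) and the product path.
RTP_KEY = re.compile(r"\\Windows Defender\\Real-Time Protection\\([^\\]+)$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\([^\\]+)$", re.I)
DWORD_ONE = re.compile(r"^DWORD \(0x0*1\)$")  # Sysmon's rendering of a REG_DWORD value of 1


@dataclass
class Alert:
    rule: str
    image: str
    target: str
    details: str


def check_registry(ev: dict) -> Optional[Alert]:
    """EventID 13 (RegistryEvent value set): Defender tampering or Run key persistence."""
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "")
    m = RTP_KEY.search(target)
    if m and m.group(1).lower() in DEFENDER_RTP_VALUES and DWORD_ONE.match(details):
        return Alert("defender_realtime_protection_disabled", ev.get("Image", ""), target, details)
    if RUN_KEY.search(target):
        return Alert("run_key_persistence", ev.get("Image", ""), target, details)
    return None


def scan(events: List[dict]) -> List[Alert]:
    """Walk events in order; remember files written (EventID 11) so a later
    process start (EventID 1) of one of them is reported as a dropped EXE execution."""
    alerts: List[Alert] = []
    dropped = {}  # lowercased path -> image that wrote it
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped[ev.get("TargetFilename", "").lower()] = ev.get("Image", "")
        elif eid == 1:
            image = ev.get("Image", "")
            if image.lower() in dropped:
                alerts.append(Alert("executes_dropped_exe", image, image,
                                    f"written by {dropped[image.lower()]}"))
        else:
            alert = check_registry(ev)
            if alert:
                alerts.append(alert)
    return alerts


# Constructed Sysmon-style records (paths, SID and value name are made up).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    # Benign: the value being reset to 0, and a RunMRU key that is not a Run key.
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
     "Details": "notepad\\1"},
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(a.rule, a.image, a.target)
```

The Defender rule requires the value to be set to 1; a write of 0 (Defender or an administrator re-enabling protection) is not reported, and the Run key rule anchors on the key path so sibling keys such as RunMRU do not fire.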

MITRE ATT&CK Enterprise v15

Tasks