General

  • Target: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08
  • Size: 705KB
  • Sample: 241110-ejnw9ayhjn
  • MD5: b1b47c7d2d2507d83cd3ed9357b886f1
  • SHA1: b80f829b7d168ef5204583897917cb0d707caa70
  • SHA256: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08
  • SHA512: 9e16886943c60dd5d5d3d1fe44f07a831502f91fa8bb8cedda0d12b914341e68c35eaec265ddce6991b996a74b01f3ab7f52202e5319228a7d7dc61a344c7b70
  • SSDEEP: 12288:DMrjy90ows7asnRGeqqi4qgAMvnzqgtG0YHmfx/5LCaXd4A9Vhrp0vC:Qy7wsHzqqfqgAM/egtlNfx/5LCaOA9PJ

Malware Config

Extracted

  • Family: redline
  • Botnet: ronam
  • C2: 193.233.20.17:4139
  • Attributes
      ◦ auth_value: 125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08
    • Size: 705KB
    • MD5: b1b47c7d2d2507d83cd3ed9357b886f1
    • SHA1: b80f829b7d168ef5204583897917cb0d707caa70
    • SHA256: abd35587a0ef8bc52ea5f570828f01fcb97343046f14560ace9cb3769083ee08
    • SHA512: 9e16886943c60dd5d5d3d1fe44f07a831502f91fa8bb8cedda0d12b914341e68c35eaec265ddce6991b996a74b01f3ab7f52202e5319228a7d7dc61a344c7b70
    • SSDEEP: 12288:DMrjy90ows7asnRGeqqi4qgAMvnzqgtG0YHmfx/5LCaXd4A9Vhrp0vC:Qy7wsHzqqfqgAM/egtlNfx/5LCaOA9PJ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first seen in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15