General

  • Target

    66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924

  • Size

    1.0MB

  • Sample

    241111-gtxy1stlgy

  • MD5

    99222bba53687e163c06e6abfa10ba77

  • SHA1

    831ef02167dceaf09f94a6f29b5215e730c83980

  • SHA256

    66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924

  • SHA512

    902f691558aac0a54f42ac2836d9d314fd60ee951da75e35eb11fa7a712c27e628232758fd9d3fd9034d193d4bd76a6112a67d2e0619fd1451dccdbef0999764

  • SSDEEP

    24576:FyAktvFCJHtkAXwWaVn4d4rkDsgJ1OunKa6seT5+UnCK:gXtdCptkGwWu78sgq90U

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Target

      66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924

    • Size

      1.0MB

    • MD5

      99222bba53687e163c06e6abfa10ba77

    • SHA1

      831ef02167dceaf09f94a6f29b5215e730c83980

    • SHA256

      66ac3ce285382263415e72e5a23af7453a1046e4e077e260ca43dafd0023f924

    • SHA512

      902f691558aac0a54f42ac2836d9d314fd60ee951da75e35eb11fa7a712c27e628232758fd9d3fd9034d193d4bd76a6112a67d2e0619fd1451dccdbef0999764

    • SSDEEP

      24576:FyAktvFCJHtkAXwWaVn4d4rkDsgJ1OunKa6seT5+UnCK:gXtdCptkGwWu78sgq90U

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks