General

  • Target

    8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a

  • Size

    1.1MB

  • Sample

    241111-gv8rxavakq

  • MD5

    e284306e12dcdacb9fa53162790a18b0

  • SHA1

    20f1b82a6a9fd5e0f23d3725b789decb16405ca4

  • SHA256

    8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a

  • SHA512

    f15f14dec9256f499526c96d6e87706a18255a10f7366ca63c957d30c78e2576ff68d4d55193d0ab85fdf71db57397e3f0b8e676169c21fd22fc0e0964099e77

  • SSDEEP

    24576:Ny/bgqL1SN8ELd0Ubhi0dNPjHWIAwb03rAehy/3Sc7jPNG:ozh1SK2d0chi0dNPaRDI57jF

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes

  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Target

      8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a

    • Size

      1.1MB

    • MD5

      e284306e12dcdacb9fa53162790a18b0

    • SHA1

      20f1b82a6a9fd5e0f23d3725b789decb16405ca4

    • SHA256

      8963ae1339cdd1d4b7154da71b6f2a3bd85fd5c9631b346cec84f1ebb841c51a

    • SHA512

      f15f14dec9256f499526c96d6e87706a18255a10f7366ca63c957d30c78e2576ff68d4d55193d0ab85fdf71db57397e3f0b8e676169c21fd22fc0e0964099e77

    • SSDEEP

      24576:Ny/bgqL1SN8ELd0Ubhi0dNPjHWIAwb03rAehy/3Sc7jPNG:ozh1SK2d0chi0dNPaRDI57jF

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks