General

  • Target

    fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799

  • Size

    1.1MB

  • Sample

    241111-hs93matrg1

  • MD5

    b6576769326f59a037383cef4df295b1

  • SHA1

    d5b061d516753922fb19608cef810e713c8b7acd

  • SHA256

    fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799

  • SHA512

    e211dd05858c407a6f59e49c1fb784bed0495c1fc8da7dfc6668c51a665702777243a87bc1519ca9f779cc6d71ed170ff6956a568d0594dee6ff19e85da1a3a8

  • SSDEEP

    12288:rMroy90r4TVUAXAyYkDF//Hrl57wOCIqZ0vcMeLu4Iu9ma78IUfdVYdT89h5DLoh:DyQSVJlY6h57wOQkX4maXsdD9nLB2ck

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

193.233.20.23:4123

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Targets

    • Target

      fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799

    • Size

      1.1MB

    • MD5

      b6576769326f59a037383cef4df295b1

    • SHA1

      d5b061d516753922fb19608cef810e713c8b7acd

    • SHA256

      fff248229971b47a2b88eefbecb6ce2fdefd49c4fc590452a4885cab23511799

    • SHA512

      e211dd05858c407a6f59e49c1fb784bed0495c1fc8da7dfc6668c51a665702777243a87bc1519ca9f779cc6d71ed170ff6956a568d0594dee6ff19e85da1a3a8

    • SSDEEP

      12288:rMroy90r4TVUAXAyYkDF//Hrl57wOCIqZ0vcMeLu4Iu9ma78IUfdVYdT89h5DLoh:DyQSVJlY6h57wOQkX4maXsdD9nLB2ck

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks