General

  • Target

    f8a811aacdcf88fe0a44e6dc775a7c85b8b649f3f666d800869de95ba21e192a

  • Size

    706KB

  • Sample

    241111-mv4qvaxnfs

  • MD5

    71d04dcfbc265f25362f69ef4102a2ae

  • SHA1

    00ad4e5e46a1fd20c7e911f1fa500a5c3d68d6f2

  • SHA256

    f8a811aacdcf88fe0a44e6dc775a7c85b8b649f3f666d800869de95ba21e192a

  • SHA512

    ee84e52e4804e768dbdf45c965d2470a04ba5504b84b6103cf1f92fce3af8b256a33ff07b3de624d2096a63c740710f5da40577f207dc3eb4e07f17cc9f46fca

  • SSDEEP

    12288:sMrZy90QeflQ5SIiuYumhCsBv1vV3XcfapoP/L/X/zVWND3zJmTw0mZhFC:ly5eflSczum4Uz3XSHs39R0UC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ronam

  • C2

    193.233.20.17:4139

  • Attributes

    • auth_value

      125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Target

      f8a811aacdcf88fe0a44e6dc775a7c85b8b649f3f666d800869de95ba21e192a

    • Size

      706KB

    • MD5

      71d04dcfbc265f25362f69ef4102a2ae

    • SHA1

      00ad4e5e46a1fd20c7e911f1fa500a5c3d68d6f2

    • SHA256

      f8a811aacdcf88fe0a44e6dc775a7c85b8b649f3f666d800869de95ba21e192a

    • SHA512

      ee84e52e4804e768dbdf45c965d2470a04ba5504b84b6103cf1f92fce3af8b256a33ff07b3de624d2096a63c740710f5da40577f207dc3eb4e07f17cc9f46fca

    • SSDEEP

      12288:sMrZy90QeflQ5SIiuYumhCsBv1vV3XcfapoP/L/X/zVWND3zJmTw0mZhFC:ly5eflSczum4Uz3XSHs39R0UC

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks