General

  • Target

    20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd

  • Size

    959KB

  • Sample

    241112-y4p5layrhw

  • MD5

    46db51180b4f18c5377fa01933f11271

  • SHA1

    951791f08b895da91c122fd1db03137ac162470a

  • SHA256

    20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd

  • SHA512

    16e3ee92d8b6f05160907f541446574dfdf13cb1b3db5cb9d431e727f4effc56042fe3c3349b73f80d9312accb100e0e2b1533c9e4011b7faf3ed570ab13b83b

  • SSDEEP

    24576:eymtTVIkOmUtoblPrc+qklOXVNcKXtQhg:tmtTekO4JsHXVN7XtQ

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ramon

  • C2

    193.233.20.23:4123

  • Attributes

    auth_value: 3197576965d9513f115338c233015b40

Targets

    • Target

      20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd

    • Size

      959KB

    • MD5

      46db51180b4f18c5377fa01933f11271

    • SHA1

      951791f08b895da91c122fd1db03137ac162470a

    • SHA256

      20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd

    • SHA512

      16e3ee92d8b6f05160907f541446574dfdf13cb1b3db5cb9d431e727f4effc56042fe3c3349b73f80d9312accb100e0e2b1533c9e4011b7faf3ed570ab13b83b

    • SSDEEP

      24576:eymtTVIkOmUtoblPrc+qklOXVNcKXtQhg:tmtTekO4JsHXVN7XtQ

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer, an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
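The report gives two kinds of hunting material: static indicators (the sample hashes and the extracted C2 193.233.20.23:4123) and behaviour signatures (Defender real-time protection modified, a Run key added for persistence). The following is an added example, not part of the sandbox report or of any tool it references, that turns both into detection logic over Sysmon-style events rendered as `Field: Value` lines. The event records are constructed. The registry locations are the standard Defender policy key and the per-user Run key; which specific values this sample writes is an assumption, since the report only names the signatures, not the values.

```python
"""Hunt for this RedLine sample in Sysmon-style event data.

Added example, not part of the sandbox report. The event records in
SAMPLE_EVENTS are constructed; the indicators (SHA256, C2 193.233.20.23:4123)
come from the report. Assumption: the report's "Modifies Windows Defender
Real-time Protection settings" and "Adds Run key to start application"
signatures correspond to writes under the registry paths matched below.
"""
import re
from dataclasses import dataclass, field

SAMPLE_SHA256 = "20534bc4b00aef1c129612f5d211a9d0b7d49ea150b9272eaf4d1f08f9375fbd"
C2_IP, C2_PORT = "193.233.20.23", 4123

# Matches both the policy key (HKLM\SOFTWARE\Policies\Microsoft\...) and the
# product key (HKLM\SOFTWARE\Microsoft\...) since only the suffix is checked.
RTP_KEY_RE = re.compile(r"\\Windows Defender\\Real-Time Protection$", re.I)
# Values that switch real-time protection components off when set to 1
# (assumption: the sample writes one or more of these; the report does not say which).
RTP_VALUES = {"DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
              "DisableIOAVProtection", "DisableOnAccessProtection"}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
DWORD_ONE_RE = re.compile(r"DWORD \(0x0*1\)", re.I)


@dataclass
class Event:
    event_id: int
    fields: dict = field(default_factory=dict)


def parse_event(text: str) -> Event:
    """Parse one event rendered as 'Field: Value' lines (Event Viewer text form).
    Only the fields used by detect() need to be present."""
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return Event(int(fields.pop("EventID")), fields)


def detect(ev: Event):
    """Return a list of (rule, detail) hits for one event."""
    f, hits = ev.fields, []
    if ev.event_id == 1:  # ProcessCreate: compare the SHA256 in the Hashes field
        for part in f.get("Hashes", "").split(","):
            algo, _, val = part.partition("=")
            if algo.strip().upper() == "SHA256" and val.strip().lower() == SAMPLE_SHA256:
                hits.append(("known_sample_hash", f.get("Image", "")))
    elif ev.event_id == 3:  # NetworkConnect: exact ip:port is high confidence,
        if f.get("DestinationIp") == C2_IP:  # same IP on another port is worth a look
            port = f.get("DestinationPort", "?")
            rule = "redline_c2" if port == str(C2_PORT) else "c2_ip_other_port"
            hits.append((rule, f"{f.get('Image', '')} -> {C2_IP}:{port}"))
    elif ev.event_id == 13:  # RegistryEvent (value set)
        key, _, name = f.get("TargetObject", "").rpartition("\\")
        details = f.get("Details", "")
        if RTP_KEY_RE.search(key) and name in RTP_VALUES and DWORD_ONE_RE.search(details):
            hits.append(("defender_rtp_disabled", name))
        elif RUN_KEY_RE.search(key):
            hits.append(("run_key_persistence", f"{name} = {details}"))
    return hits


def hunt(event_texts):
    """Run detect() over rendered events and return all hits in order."""
    hits = []
    for text in event_texts:
        hits.extend(detect(parse_event(text)))
    return hits


# Constructed events (not real telemetry); file paths and SIDs are made up.
SAMPLE_EVENTS = [
    "EventID: 1\nImage: C:\\Users\\victim\\Downloads\\setup.exe\n"
    "Hashes: MD5=46DB51180B4F18C5377FA01933F11271,"
    "SHA256=20534BC4B00AEF1C129612F5D211A9D0B7D49EA150B9272EAF4D1F08F9375FBD",
    "EventID: 13\nImage: C:\\Users\\victim\\Downloads\\setup.exe\n"
    "TargetObject: HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\"
    "Real-Time Protection\\DisableRealtimeMonitoring\nDetails: DWORD (0x00000001)",
    "EventID: 13\nImage: C:\\Users\\victim\\Downloads\\setup.exe\n"
    "TargetObject: HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater\n"
    "Details: C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    "EventID: 3\nImage: C:\\Users\\victim\\AppData\\Roaming\\updater.exe\n"
    "DestinationIp: 193.233.20.23\nDestinationPort: 4123",
    "EventID: 3\nImage: C:\\Windows\\System32\\svchost.exe\n"
    "DestinationIp: 193.233.20.23\nDestinationPort: 443",
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

The Defender rule deliberately requires the value to be set to 1: a write of 0 is the setting being restored, not disabled. The C2 rule keys the high-confidence alert to the exact ip:port from the extracted config, but still surfaces the same IP on other ports as a lower-confidence hit, because stealer infrastructure is often reused with different ports.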

MITRE ATT&CK Enterprise v15

Tasks