General

  • Target

    9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9.exe

  • Size

    604KB

  • Sample

    241113-zaq1gayemg

  • MD5

    0df627da6edc003535a7399d1f256b99

  • SHA1

    cb171be08087ed26a5946a3a4897b3181065273b

  • SHA256

    9eab57e3411665a862441d0173bf8b04270095a7edbfc3859a39d50be0812ad9

  • SHA512

    06af0afdbf81fce7fb2e5f0c07188c6e72a9830e0c7b6a91926dd17d0ec3d88fc48d24be2baa492b73fbde3a811dae55a541eb607549867b2ee62bfdfe015375

  • SSDEEP

    12288:FMrzy90/oJxpxJGr+qjVoy0+sOLVKGqePp0roAyxX7dmQHb:ey8oJxpvGr+QoypsOL4GqPoA4dmOb

Malware Config

Extracted

Family

redline

Botnet

ronam

C2

193.233.20.17:4139

Attributes

  • auth_value

    125421d19d14dd7fd211bc7f6d4aea6c

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15