General

  • Target

    f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163

  • Size

    1.1MB

  • Sample

    241104-qrw4dasqhk

  • MD5

    60f2ec9fdcb9b314a840c2cb2d565d16

  • SHA1

    43970483d185c683836d63d4cd41b26d843e3992

  • SHA256

    f6f9e1c1633207f5559fedb663ee12039125c381bb378dba8a02bc1695577163

  • SHA512

    cb8a62cdd7a409f02ab9bc128229214bc5ba6e0390e67c56eaaa2bf80beb779f3c0256df30a81ea82b94b59b8834a4097a5481908673f0bae8afd7760702a48b

  • SSDEEP

    24576:byfbyHvEC2hUfP75J0M4Hu+oBCzDfs37nigxVqt4d:OfbyPEC2S7D3YvE3Digb

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks