General

  • Target

    8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42

  • Size

    1.2MB

  • Sample

    241104-qvjmfssrcn

  • MD5

    ea1c5001fbb6c153ff7d1596108d8679

  • SHA1

    220f9aa32e690f26b28e32e1fd5ee441c81525e8

  • SHA256

    8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42

  • SHA512

    180574f47c41c70bcdd87ba10be9b0fd4398b7137b6d35649f950b28593e1b21f80668d9b30dfe5bb329d188bb55dc48e97f4f278280fd6bbd2dbb3d9580640d

  • SSDEEP

    24576:hyC/WdwwlyWZtNZRtlFqRlafUtsRBGtAXQseZ82cPV:UC/WdHlyWNZtFvfUtqUTv

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper: it turns off Windows Defender protection before running its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
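The signatures above (sample executed, dropped EXE run, Defender real-time protection disabled, Run key persistence, C2 at 193.233.20.24:4123) are all behaviours a defender can hunt for in endpoint telemetry. The script below is an added example for this page, not part of the sandbox report or of any vendor tooling: it runs the report's indicators over constructed Sysmon-style event lines (process creation, network connection, registry value set) and emits findings named after the report's signatures. The event format, file paths, SID and the second hash in the events are hypothetical; the registry value names are the documented Windows Defender policy settings, and the sample hash and C2 endpoint come from the report.

```python
"""Hunt Sysmon-style events for the behaviours this report attributes to
the sample.  Added example for this page; the event lines in EVENTS are
constructed, not taken from the sandbox run, and their paths are hypothetical."""
import re

# Indicators taken from the report above.
SAMPLE_SHA256 = "8b5ed7c4742ff19e11bb700273f786bca36fd2c0467fdf9b666e1becefa8fa42"
C2_HOST, C2_PORT = "193.233.20.24", "4123"   # port kept as text, like the event field

# Defender policy values that switch protection off when set to DWORD 1.
# These live under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender[\Real-Time Protection].
DEFENDER_TAMPER_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable", "DisableAntiSpyware",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\AppData\\(Local\\Temp|Roaming|Local)\\", re.I)
DWORD_RE = re.compile(r"0x([0-9a-fA-F]+)")


def parse_event(line):
    """Constructed 'key=value|key=value' format; 'Hashes' keeps its inner '='."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def hunt(lines):
    """Return (signature, evidence) pairs in event order.  Events must be
    chronological so a dropped child can be tied back to the sample process."""
    findings = []
    sample_procs = set()                       # image paths known to be the sample or its drops
    for line in lines:
        ev = parse_event(line)
        eid, image = ev.get("EventID"), ev.get("Image", "")
        if eid == "1":                                                 # process creation
            if SAMPLE_SHA256 in ev.get("Hashes", "").lower():
                sample_procs.add(image.lower())
                findings.append(("RedLine payload", image))
            elif (ev.get("ParentImage", "").lower() in sample_procs
                  and USER_WRITABLE_RE.search(image)):
                sample_procs.add(image.lower())                        # drops inherit suspicion
                findings.append(("Executes dropped EXE", image))
        elif eid == "3":                                               # network connection
            if (ev.get("DestinationIp"), ev.get("DestinationPort")) == (C2_HOST, C2_PORT):
                findings.append(("RedLine C2 contact", f"{image} -> {C2_HOST}:{C2_PORT}"))
        elif eid == "13":                                              # registry value set
            target = ev.get("TargetObject", "")
            value_name = target.rsplit("\\", 1)[-1]
            details = ev.get("Details", "")
            m = DWORD_RE.search(details)
            dword = int(m.group(1), 16) if m else None
            low = target.lower()
            if "windows defender" in low and value_name in DEFENDER_TAMPER_VALUES and dword == 1:
                label = ("Modifies Windows Defender Real-time Protection settings"
                         if "real-time protection" in low else "Windows security modification")
                findings.append((label, target))
            elif RUN_KEY_RE.search(target):
                findings.append(("Adds Run key to start application", f"{target} = {details}"))
    return findings


# Constructed events (hypothetical paths and SID), Sysmon event IDs 1 / 3 / 13.
EVENTS = [
    r"EventID=1|Image=C:\Users\victim\Downloads\setup.exe|ParentImage=C:\Windows\explorer.exe"
    r"|Hashes=SHA256=" + SAMPLE_SHA256,
    r"EventID=1|Image=C:\Users\victim\AppData\Local\Temp\drop1.exe"
    r"|ParentImage=C:\Users\victim\Downloads\setup.exe|Hashes=SHA256=" + "0" * 64,
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\drop1.exe"
    r"|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"
    r"|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\drop1.exe"
    r"|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"
    r"|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\Downloads\setup.exe"
    r"|TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
    r"|Details=C:\Users\victim\AppData\Roaming\upd.exe",
    r"EventID=3|Image=C:\Users\victim\Downloads\setup.exe|DestinationIp=193.233.20.24|DestinationPort=4123",
    # benign browser traffic (TEST-NET address): must not fire
    r"EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=203.0.113.10|DestinationPort=443",
    # an admin re-enabling real-time protection (value 0): must not fire
    r"EventID=13|Image=C:\Windows\System32\svchost.exe"
    r"|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"
    r"|Details=DWORD (0x00000000)",
]

if __name__ == "__main__":
    for sig, evidence in hunt(EVENTS):
        print(f"{sig}: {evidence}")
```

Two design points carry over to real telemetry: the Defender rule keys on the DWORD value being 1, so a benign re-enable (value 0) does not fire; and "Executes dropped EXE" is only raised for a child of a process already tied to the sample, so an unrelated installer in %TEMP% is not flagged by path alone. Real Sysmon exports use XML or JSON rather than the constructed `key=value|` lines, so only `parse_event` needs swapping.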
