General

  • Target

    fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954

  • Size

    532KB

  • Sample

    241109-12mmsstcnc

  • MD5

    46f9fb74b20f1d11899ac38a1f3222cf

  • SHA1

    18d5fb45df3a51c1bd5230b44ded82e36c04206b

  • SHA256

    fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954

  • SHA512

    5a0509cb0fa3e22bd4af9292bb59416566632e0d71b0bc2eaa2a3aee92b1bc25fc0511b56603b781c22ffc6ed28583fab195c4b01b8b72208da225e412e102f9

  • SSDEEP

    6144:Kjy+bnr+bp0yN90QEt7YqB3REI5ujSTz02UlIxjXPTBKTI4mNqgsEb20eZC5K1S7:VMrXy90MMhEy0gf93ag23qEnY

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target

      fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954

    • Size

      532KB

    • MD5

      46f9fb74b20f1d11899ac38a1f3222cf

    • SHA1

      18d5fb45df3a51c1bd5230b44ded82e36c04206b

    • SHA256

      fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954

    • SHA512

      5a0509cb0fa3e22bd4af9292bb59416566632e0d71b0bc2eaa2a3aee92b1bc25fc0511b56603b781c22ffc6ed28583fab195c4b01b8b72208da225e412e102f9

    • SSDEEP

      6144:Kjy+bnr+bp0yN90QEt7YqB3REI5ujSTz02UlIxjXPTBKTI4mNqgsEb20eZC5K1S7:VMrXy90MMhEy0gf93ag23qEnY

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
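The extracted config above (RedLine C2 at 193.233.20.13:4136) and the host behaviours the sandbox flags (Windows Defender real-time protection modified, Run key persistence, dropped EXE with the listed hashes) can be turned into an offline triage check. The block below is an added example, not part of the sandbox report or of any tool it references: the hashes and C2 come from this page, while the registry paths, the key=value log format and the log lines themselves are constructed assumptions for illustration.

```python
"""Offline IOC and behaviour check built from the indicators in this report.

Added example (not from the sandbox report). Hashes and C2 are the report's;
the registry paths, log format and sample log lines are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken from the report above.
HASHES = {
    "md5": "46f9fb74b20f1d11899ac38a1f3222cf",
    "sha1": "18d5fb45df3a51c1bd5230b44ded82e36c04206b",
    "sha256": "fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954",
}
C2_IP, C2_PORT = "193.233.20.13", "4136"

# Assumed registry locations for the two flagged behaviours; the report does not
# say which exact value the sample writes, so these are illustrative patterns.
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)

# Constructed Sysmon-like telemetry in an assumed key=value format (not real data).
SAMPLE_LOG = r"""
evt=NetworkConnect pid=4120 image=C:\Users\u\AppData\Local\Temp\svc.exe dst=193.233.20.13 dport=4136
evt=NetworkConnect pid=812 image=C:\Windows\System32\svchost.exe dst=13.107.4.50 dport=443
evt=RegistrySet pid=4120 target=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring value=1
evt=RegistrySet pid=4120 target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater value=C:\Users\u\AppData\Roaming\upd.exe
evt=FileCreate pid=4120 hash=SHA256:fa9f0cee2a8d11942bb9319331ce10f9b372fd90f65997fdf8423874ae141954
evt=RegistrySet pid=900 target=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden value=1
"""

# Non-greedy value followed by either the next " key=" or end of line, so values
# containing spaces (registry paths) survive.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


@dataclass
class Hit:
    rule: str
    pid: str
    line: str


def parse(line: str) -> dict:
    """Parse one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def check_line(line: str) -> list:
    """Return every rule that fires on a single log line."""
    ev = parse(line)
    pid = ev.get("pid", "?")
    hits = []
    if ev.get("evt") == "NetworkConnect" and ev.get("dst") == C2_IP and ev.get("dport") == C2_PORT:
        hits.append(Hit("redline_c2_connect", pid, line))
    if ev.get("evt") == "RegistrySet":
        target = ev.get("target", "")
        if DEFENDER_RTP_RE.search(target):
            hits.append(Hit("defender_rtp_modified", pid, line))
        if RUN_KEY_RE.search(target):
            hits.append(Hit("run_key_persistence", pid, line))
    if ev.get("evt") == "FileCreate":
        digest = ev.get("hash", "").split(":", 1)[-1].lower()
        if digest in HASHES.values():
            hits.append(Hit("known_sample_hash", pid, line))
    return hits


def scan(log: str) -> dict:
    """Count rule hits across a log."""
    counts: dict = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        for hit in check_line(line):
            counts[hit.rule] = counts.get(hit.rule, 0) + 1
    return counts


def correlate(log: str) -> dict:
    """Group fired rules by pid: one process that beacons to the C2, tampers with
    Defender and persists is a much stronger signal than any single hit."""
    by_pid: dict = {}
    for line in log.splitlines():
        for hit in check_line(line):
            by_pid.setdefault(hit.pid, set()).add(hit.rule)
    return {pid: sorted(rules) for pid, rules in by_pid.items()}


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
    for pid, rules in correlate(SAMPLE_LOG).items():
        print(pid, rules)
```

The C2 match is exact on IP and port because that is all the report provides; in production you would also match the auth_value or RedLine's SOAP-over-TCP traffic shape, and the registry patterns should be widened to the Defender values your EDR actually logs.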

MITRE ATT&CK Enterprise v15

Tasks