General

  • Target

    17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e

  • Size

    1.2MB

  • Sample

    241109-ed9a1azkgl

  • MD5

    44f1dde35b2a9d60c8bfeae3df16d2b1

  • SHA1

    ce5c36f118aeb79070cfbb264b955b01a8c09944

  • SHA256

    17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e

  • SHA512

    b057ed288cd92d8d096e7258fc5f828f099898c1e071f8677d314850580b4f5161bd10ffcadbf5627ece489e03107248d9addc3caa096dd7fdca13e063989364

  • SSDEEP

    24576:ayqvTDf5z5l+hCjRr56fh8Y+THrFDvx11TOw6oqldL1KsMdXbxQINcmW:hURFACV+h8Y+Rb1TOw6ohXbxfc

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e

    • Size

      1.2MB

    • MD5

      44f1dde35b2a9d60c8bfeae3df16d2b1

    • SHA1

      ce5c36f118aeb79070cfbb264b955b01a8c09944

    • SHA256

      17ffc304b5f3da31439c363234b56a98ef1831eb70bd62a0abf5712feedc2f5e

    • SHA512

      b057ed288cd92d8d096e7258fc5f828f099898c1e071f8677d314850580b4f5161bd10ffcadbf5627ece489e03107248d9addc3caa096dd7fdca13e063989364

    • SSDEEP

      24576:ayqvTDf5z5l+hCjRr56fh8Y+THrFDvx11TOw6oqldL1KsMdXbxQINcmW:hURFACV+h8Y+Rb1TOw6ohXbxfc

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks