General

  • Target

    85fc89340953bc556c8a83a7f6e38c2065e74dcc126c576af54ec397e0cf740c

  • Size

    543KB

  • Sample

    241109-emd68axcne

  • MD5

    3c565a8d4ac1d5b7cbe8a8c114a3fbe8

  • SHA1

    bb88b75a1a93fdf5f23c59bdeabe002887fb1941

  • SHA256

    85fc89340953bc556c8a83a7f6e38c2065e74dcc126c576af54ec397e0cf740c

  • SHA512

    ef7a291e87d2921a9bc411effda954e2e117e3389c99eb653d98461330e56475a14f92ce0f3e8ac01126d1ec0d77561848795d8f61f236f28e291a4bb50b75d3

  • SSDEEP

    12288:GMrny90nzrypJtaXXnfUyXE3YMSN1ZPqE6mqDm68q:5y2zr8OXsyUmN736VDT

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks