General

  • Target

    d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251

  • Size

    1.3MB

  • Sample

    241109-epj59axdjb

  • MD5

    08cdb944ec65be70285ab80203ed0a1c

  • SHA1

    398907c257f7622e7cff3f69091222aa712c53bb

  • SHA256

    d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251

  • SHA512

    950e4157f4bbaf385f653480fb8a03782ee12927950770f4d9286b6b0ed39522ca740787a5e854ea73ec3f65dbead2c32c531b5b5b79d7077e3eb7d436b755c9

  • SSDEEP

    24576:QyAuafJTJyuZoD7HIMd7S5g1o+GnlVZo3VPdKfoPbbOSUHkM:XvaRAuXU6WlcVaVPdKfoj6SUHk

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rumfa

  • C2

    193.233.20.24:4123

  • Attributes

    auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      d507932171d6b8a7e70445521bf7e44e8ec8653a8d07a62ef39f960dfd099251

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
