General

  • Target

    4531a2839adcb2d4a453e2f80f0ba4f03671b4bf302290848f04e16fa855db28

  • Size

    533KB

  • Sample

    241109-fmkjnsyapb

  • MD5

    c2af39ec8ada7e949089ac1bbb46c1da

  • SHA1

    6b7d457cb49c518bf67eb67fc2c4e74e042f5bf7

  • SHA256

    4531a2839adcb2d4a453e2f80f0ba4f03671b4bf302290848f04e16fa855db28

  • SHA512

    dc90928d3de69da5f178390d526ff7a053c63f44c7ee5c9fa4603b7e5388f0e7187e834d89bc0c638220073b97b4bb2ab19f49a608759126e3c09e9f0e2cc0e3

  • SSDEEP

    12288:YMray90jIaxLF5n11yOFuogu8u4xsFIYshelP:CyQIaTvFFpt4QDT

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      4531a2839adcb2d4a453e2f80f0ba4f03671b4bf302290848f04e16fa855db28

    • Size

      533KB

    • MD5

      c2af39ec8ada7e949089ac1bbb46c1da

    • SHA1

      6b7d457cb49c518bf67eb67fc2c4e74e042f5bf7

    • SHA256

      4531a2839adcb2d4a453e2f80f0ba4f03671b4bf302290848f04e16fa855db28

    • SHA512

      dc90928d3de69da5f178390d526ff7a053c63f44c7ee5c9fa4603b7e5388f0e7187e834d89bc0c638220073b97b4bb2ab19f49a608759126e3c09e9f0e2cc0e3

    • SSDEEP

      12288:YMray90jIaxLF5n11yOFuogu8u4xsFIYshelP:CyQIaTvFFpt4QDT

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks