General

  • Target

    150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238

  • Size

    1.2MB

  • Sample

    241109-fr37ksybpm

  • MD5

    c0a9dbbef699da8851a5ce0fd567c5af

  • SHA1

    9cf483565ac981545e78f4e992f2538b7ddd5083

  • SHA256

    150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238

  • SHA512

    6f6712d8faac5a064a3b5421b6ec107cacce3710e9afe349c4d4ffa6ca79863f1eb538a8ade7b69a922b07348852583a3b12999e2edb2cc92ce47ea80906f69d

  • SSDEEP

    24576:UypUmJM7/UtcNtv+jsQ7xMT8jJdYcoLGfhnMSzJHY:jpUm67OcNtv+4Q1MT8Ec/iSzJH

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238

    • Size

      1.2MB

    • MD5

      c0a9dbbef699da8851a5ce0fd567c5af

    • SHA1

      9cf483565ac981545e78f4e992f2538b7ddd5083

    • SHA256

      150eaf9466d35379e2bd637b81fef72c01554cb69605f8e2fab0c653393a8238

    • SHA512

      6f6712d8faac5a064a3b5421b6ec107cacce3710e9afe349c4d4ffa6ca79863f1eb538a8ade7b69a922b07348852583a3b12999e2edb2cc92ce47ea80906f69d

    • SSDEEP

      24576:UypUmJM7/UtcNtv+jsQ7xMT8jJdYcoLGfhnMSzJHY:jpUm67OcNtv+4Q1MT8Ec/iSzJH

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks