General

  • Target

    a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018

  • Size

    1.1MB

  • Sample

    241109-gzflxsskcr

  • MD5

    d7c3f25879c5bbfa5a4b0d8a7c1f41e0

  • SHA1

    af59766602c6e967660034893eea771e797db5eb

  • SHA256

    a00b69f971f95ed780540b58909cd0adc1f8a5c85aec1a1882a120af86b4c018

  • SHA512

    a4e59c32209c6a8a049d77575b803dcd8c984b899edbdaf371f4afc3fb0740452ca07bfe5b7f58568b8ea3a9ff2e3854c88e3eb4cd73d89c9068513ec48ecd80

  • SSDEEP

    24576:2yhw/Wm3x0kvjP2+OG22t6Y7Y4ORaxZc:FS/Wyx0F+OG22tcRkZ

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks