General

  • Target

    bd2f2ebbdf686024d93c5e2fbf1da182cb7549c6cf82f6de04ceca76aa746aacN

  • Size

    1.0MB

  • Sample

    241109-xne41szerf

  • MD5

    164399c07a84e784cf2c7d269893d210

  • SHA1

    1c55b2d73481c554265c5087f69c5c0119acb915

  • SHA256

    bd2f2ebbdf686024d93c5e2fbf1da182cb7549c6cf82f6de04ceca76aa746aac

  • SHA512

    13b6168b4a5ed69cb1abd29eabf562858d8d4df7b7abf6a1f9dd528ad6c068fc70695b3811ca9b7d12c1fee3db6d78b4f7a5bb63c632b2c53212fbedf77ab49c

  • SSDEEP

    24576:syrpgWUuWauTv5LC3pTeBH0fBQB6PfYIR3HvjxTByEuE:brpFK35ACUfBnPfb3PjBB

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks