General

  • Target

    4e1d0610a9dd95c87734fc2bd38a04b49118fe5c5ca6f0e5d18eb3730127d9c6

  • Size

    1.1MB

  • Sample

    241110-a6qxxaymcn

  • MD5

    c6df26c45491fbe664ff567b18daaa40

  • SHA1

    c871697d24ae8b6cd4d8a554894f860af99ed270

  • SHA256

    4e1d0610a9dd95c87734fc2bd38a04b49118fe5c5ca6f0e5d18eb3730127d9c6

  • SHA512

    5c41bf3ff2a6d1ab1cc17259885379224b54e7ae006050b96497ecbf179a2c33885b39ff8ab5f0fab1bca53da00363f18c3da36f09f11c0ffa51e774336782b0

  • SSDEEP

    24576:VyrLuh3iVmaE392yrA0ziKAHnXHtX05/53kAGRp0V2PWDrz:wvLY92v0WdH3tXGB3BGiR

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      4e1d0610a9dd95c87734fc2bd38a04b49118fe5c5ca6f0e5d18eb3730127d9c6

    • Size

      1.1MB

    • MD5

      c6df26c45491fbe664ff567b18daaa40

    • SHA1

      c871697d24ae8b6cd4d8a554894f860af99ed270

    • SHA256

      4e1d0610a9dd95c87734fc2bd38a04b49118fe5c5ca6f0e5d18eb3730127d9c6

    • SHA512

      5c41bf3ff2a6d1ab1cc17259885379224b54e7ae006050b96497ecbf179a2c33885b39ff8ab5f0fab1bca53da00363f18c3da36f09f11c0ffa51e774336782b0

    • SSDEEP

      24576:VyrLuh3iVmaE392yrA0ziKAHnXHtX05/53kAGRp0V2PWDrz:wvLY92v0WdH3tXGB3BGiR

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks