General

  • Target

    95c29a03fd30cbc697d526a97a6036bc46c5862706f6225aeca4e74ad5419727

  • Size

    530KB

  • Sample

    241110-aq9p3swamb

  • MD5

    102fbb41c555a8c353a8c642db39f7d5

  • SHA1

    b44e604333af575f52bb45c64310dabb4e36faf3

  • SHA256

    95c29a03fd30cbc697d526a97a6036bc46c5862706f6225aeca4e74ad5419727

  • SHA512

    b9d5a4c22ac97f3199f1b8f150cc8329fff407e9d1e79bfb5f4555ae80de5401028fa52e93838c54143b5b901294da76b98655204222bea00c1753fb7dfbb94c

  • SSDEEP

    12288:0Mrvy90Oz34E9XzahCKxJ+QS7/ACU43tJCs8nywp:7yZz37d+CM+/U43tJNwp

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks