General

  • Target

    6903a019876043ef4a7c81eb0729c202a137d3fabe85fce0565fc936f8c2ac8aN

  • Size

    683KB

  • Sample

    241110-arr7esykaq

  • MD5

    588ef06b03f861d3f049b584a20d8800

  • SHA1

    06b1f5b3e6ab28bee4045d081c7a3ab921433e20

  • SHA256

    6903a019876043ef4a7c81eb0729c202a137d3fabe85fce0565fc936f8c2ac8a

  • SHA512

    9236d9512f11ab4fcf4cfae7ac9007216bf72ad80ce414f30354ee488603a344cd9341c77488c6b63b355b111e7959c0e2ce1adfc5c40ad0d712c3d70dda11e3

  • SSDEEP

    12288:hMrFy90zoZcte3wQzNGujdj5Cm5wWbp89nsvj014N81lm+qQn6DNeY:oySoK43Xzgum/WV8GvjFkm+4Np

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rumfa

  • C2

    193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks