General

  • Target

    a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d

  • Size

    1.1MB

  • Sample

    241110-bnr8pavrax

  • MD5

    fd38a9543798508688ebb18d5c6c86fb

  • SHA1

    b67d46bc663a2b115e355a89cc5b17671c75bc28

  • SHA256

    a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d

  • SHA512

    0265eea966305a5250165bc7fc90046417cfe08c5ef9c5e141f2da511ceacf395e878e8736e43fcadb0df1bd84d379b34b5c4b6182de791120d8be8aa03c2aa4

  • SSDEEP

    24576:9y6/HT5pxJZyNt+biIscmYUL0UJol6dyMMRFzXJIV0B9jN6q:Y6r5pxX6ttPYUL0UJYMczXJ1B

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d

    • Size

      1.1MB

    • MD5

      fd38a9543798508688ebb18d5c6c86fb

    • SHA1

      b67d46bc663a2b115e355a89cc5b17671c75bc28

    • SHA256

      a91f3be86bd116bd709cc52ab28d434229b3bddac35056c3a683179d658e803d

    • SHA512

      0265eea966305a5250165bc7fc90046417cfe08c5ef9c5e141f2da511ceacf395e878e8736e43fcadb0df1bd84d379b34b5c4b6182de791120d8be8aa03c2aa4

    • SSDEEP

      24576:9y6/HT5pxJZyNt+biIscmYUL0UJol6dyMMRFzXJIV0B9jN6q:Y6r5pxX6ttPYUL0UJYMczXJ1B

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks