General

  • Target

    9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c

  • Size

    1.2MB

  • Sample

    241110-bz9l4swhrf

  • MD5

    d1a8ead64a222476165403d3cede9d81

  • SHA1

    0795bf8c252a142309afb1e1d65e46a30a216c47

  • SHA256

    9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c

  • SHA512

    2100e4c7df88d2e14b4c8173b55f113f9157752d91da233306e7bdec00b5d1cdb020b0c1576f8910614a38bf9ce7b3e5b0797d61fc42a5e220a95a650ca8c9ea

  • SSDEEP

    24576:tyoG8BjoXj9UEl5NYph2kM4o1guMCYajyV:IH4g9UEpihJMN14Yy

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c

    • Size

      1.2MB

    • MD5

      d1a8ead64a222476165403d3cede9d81

    • SHA1

      0795bf8c252a142309afb1e1d65e46a30a216c47

    • SHA256

      9f50af425d17247d4d3d98131add501fa0982dcb37295df361b44b80866c841c

    • SHA512

      2100e4c7df88d2e14b4c8173b55f113f9157752d91da233306e7bdec00b5d1cdb020b0c1576f8910614a38bf9ce7b3e5b0797d61fc42a5e220a95a650ca8c9ea

    • SSDEEP

      24576:tyoG8BjoXj9UEl5NYph2kM4o1guMCYajyV:IH4g9UEpihJMN14Yy

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks