General

  • Target

    949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487

  • Size

    543KB

  • Sample

    241110-dg9v9s1mej

  • MD5

    3b3c407e27aef897230db7ad78673e71

  • SHA1

    4fe630fe3b1962e7b7a5927cf912715023c0fe3f

  • SHA256

    949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487

  • SHA512

    35ca1a075a253b845ad798d02b4b539e84ea939e24d9881bf2be4d52f739e406352260d4cbc582510855867d339d1e4e9a03a198d3c90c916c8d1d2ffa5ca2e1

  • SSDEEP

    12288:3Mrky90jC2XJvoV9VLTD2fIcPWnmixiE30UtDZwjRO8+9ReluB:/ysZoDVKfZwxD0QwFX+f

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487

    • Size

      543KB

    • MD5

      3b3c407e27aef897230db7ad78673e71

    • SHA1

      4fe630fe3b1962e7b7a5927cf912715023c0fe3f

    • SHA256

      949f37d21480a7610124a062131a0ee8771786ff435335e98872dd12082be487

    • SHA512

      35ca1a075a253b845ad798d02b4b539e84ea939e24d9881bf2be4d52f739e406352260d4cbc582510855867d339d1e4e9a03a198d3c90c916c8d1d2ffa5ca2e1

    • SSDEEP

      12288:3Mrky90jC2XJvoV9VLTD2fIcPWnmixiE30UtDZwjRO8+9ReluB:/ysZoDVKfZwxD0QwFX+f

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks