General

  • Target

    197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5

  • Size

    1.4MB

  • Sample

    241110-dmtfga1ncq

  • MD5

    661f688c0b884f01ddfe7f46a3bc237f

  • SHA1

    de9f3917bb68bb8ff76302ed4d7294d60618e8c6

  • SHA256

    197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5

  • SHA512

    c18bfe84f417045a131b694732a48062b98979e223b11da00abc36e457499c241db0498c852b56768c081be45f9ccb54c73b3f777f34c0a17f0b80cff69a60bd

  • SSDEEP

    24576:GyGgh/VmChpl1CWlsntM1bWJHmE4v/reY2nz5LyicUO6N+HQrEYTPepwrl+F:V//1hplnlstM1bW4Pv/rehzJyii+Y+7Q

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5

    • Size

      1.4MB

    • MD5

      661f688c0b884f01ddfe7f46a3bc237f

    • SHA1

      de9f3917bb68bb8ff76302ed4d7294d60618e8c6

    • SHA256

      197244ca88dfa25b25eafe796fa81679554dd3562ad0d07224b669438ebf99a5

    • SHA512

      c18bfe84f417045a131b694732a48062b98979e223b11da00abc36e457499c241db0498c852b56768c081be45f9ccb54c73b3f777f34c0a17f0b80cff69a60bd

    • SSDEEP

      24576:GyGgh/VmChpl1CWlsntM1bWJHmE4v/reY2nz5LyicUO6N+HQrEYTPepwrl+F:V//1hplnlstM1bW4Pv/rehzJyii+Y+7Q

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks