General

  • Target

    f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903

  • Size

    547KB

  • Sample

    241110-dv6e1a1phj

  • MD5

    61ebd395a528beff71ce10afbf990737

  • SHA1

    a330852935edd4a73424281f9e4d40520cda01c0

  • SHA256

    f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903

  • SHA512

    05bf3851b7d89b01b963a0dc400c93b42743f7a23d490a9c7e8e2dfb8ca687f4b2ee9fd39590be8da0f45725d86c6e630c855ff35cfef35d4d570997f0a5cae0

  • SSDEEP

    12288:vMriy90uK99zIQ5Q78qr8H18VAPBREWanKteQE3iy64bCD:dy49E3r+hREbnK07Soa

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903

    • Size

      547KB

    • MD5

      61ebd395a528beff71ce10afbf990737

    • SHA1

      a330852935edd4a73424281f9e4d40520cda01c0

    • SHA256

      f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903

    • SHA512

      05bf3851b7d89b01b963a0dc400c93b42743f7a23d490a9c7e8e2dfb8ca687f4b2ee9fd39590be8da0f45725d86c6e630c855ff35cfef35d4d570997f0a5cae0

    • SSDEEP

      12288:vMriy90uK99zIQ5Q78qr8H18VAPBREWanKteQE3iy64bCD:dy49E3r+hREbnK07Soa

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
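
The indicators in the Malware Config section (C2 193.233.20.24:4123) and the behaviours in the signature list above (Defender real-time protection tampering, Run key persistence, execution of the sample itself) can be turned directly into host triage logic. The following is an added example, not part of the sandbox report and not the sandbox's own tooling: it runs those checks over Sysmon-style event records (IDs 1, 3 and 13). The event records are constructed for illustration, and the registry locations matched by the two registry rules are assumptions covering the usual Defender policy path and Run/RunOnce keys, since the report does not name the exact values the sample wrote.

```python
"""Triage the indicators in this report against Sysmon-style events.

Added example: not part of the sandbox report or the sandbox's own
tooling. The event records below are constructed for illustration;
the field names follow Sysmon event IDs 1, 3 and 13.
"""
import re

# Indicators taken from the report above.
SAMPLE_SHA256 = "f58760de2a1df533d7d1ea06eaeaa84d1a27c8b3beaa49ab192cefdc1e344903"
C2_IP, C2_PORT = "193.233.20.24", 4123

# Registry locations behind the two persistence/defence-evasion signatures.
# Assumption: the report does not name the exact values the sample wrote,
# so these patterns cover the usual Defender policy path and Run/RunOnce keys.
DEFENDER_RTP_RE = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\(\w+)$", re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
DWORD_ONE = re.compile(r"DWORD \(0x0*1\)", re.IGNORECASE)


def check_event(ev):
    """Return a list of (rule, detail) findings for one event dict."""
    findings = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation; Hashes looks like "SHA256=...,MD5=..."
        hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
        if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
            findings.append(("known_redline_sample_executed", ev.get("Image", "")))
    elif eid == 3:  # network connection: match both address and port of the C2
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            findings.append(("redline_c2_connection", f"{C2_IP}:{C2_PORT}"))
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        m = DEFENDER_RTP_RE.search(target)
        # Only a Disable* value being set to 1 counts as disabling protection.
        if m and m.group(1).lower().startswith("disable") and DWORD_ONE.search(details):
            findings.append(("defender_realtime_protection_disabled", m.group(1)))
        if RUN_KEY_RE.search(target):
            findings.append(("run_key_persistence", details))
    return findings


def triage(events):
    """Run every event through check_event and return all findings in order."""
    out = []
    for ev in events:
        out.extend(check_event(ev))
    return out


# Constructed sample events (not captured from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\upd.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5=61EBD395A528BEFF71CE10AFBF990737"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "Details": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"EventID": 3, "DestinationIp": "193.233.20.24", "DestinationPort": "4123"},
    # Benign noise: an HTTPS connection elsewhere and an unrelated registry write.
    {"EventID": 3, "DestinationIp": "142.250.74.46", "DestinationPort": "443"},
    {"EventID": 13,
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_EVENTS):
        print(f"{rule:40} {detail}")
```

The C2 rule requires the port as well as the address: a shared or re-used IP seen on another port is not evidence of this configuration. The Defender rule deliberately ignores writes that set a Disable* value back to 0, which is what remediation looks like, and the Run key rule reports the written command line so an analyst can see what was persisted.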

MITRE ATT&CK Enterprise v15

Tasks