General

  • Target

    4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5

  • Size

    547KB

  • Sample

    241110-dwyfsayenb

  • MD5

    18d7bffcf47c81ac650dec0d0f676917

  • SHA1

    acd7b783d25c89d976e5dbdde1f963b7e8652060

  • SHA256

    4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5

  • SHA512

    daedafda474e2cf9edc67624fabc0fe7b955296f04558a0de08132ae439d9fd7b44297cdc99b3514fce9e0e2f240fa25fe1454b31e182a5baaad7559527b928d

  • SSDEEP

    12288:IMrIy90IzLv4pmPsCH9jQMCUQLfIq+Xh:wyUCFQv3c

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5

    • Size

      547KB

    • MD5

      18d7bffcf47c81ac650dec0d0f676917

    • SHA1

      acd7b783d25c89d976e5dbdde1f963b7e8652060

    • SHA256

      4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5

    • SHA512

      daedafda474e2cf9edc67624fabc0fe7b955296f04558a0de08132ae439d9fd7b44297cdc99b3514fce9e0e2f240fa25fe1454b31e182a5baaad7559527b928d

    • SSDEEP

      12288:IMrIy90IzLv4pmPsCH9jQMCUQLfIq+Xh:wyUCFQv3c

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
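
Added example, not part of the sandbox report or of any vendor's detection content: a small Python hunt that maps Sysmon-style events onto the behavioural signatures listed above (Defender Real-time Protection tampering, Run-key persistence, execution of a dropped EXE) and onto the indicators from the Malware Config section (the sample hashes and the RedLine C2 at 193.233.20.24:4123). Only the hashes and the C2 address come from the report; the Defender registry value names, the staging directories, the event field layout and the constructed events (including every file path) are assumptions made for illustration.

```python
"""Hunt for the RedLine/Healer behaviours in this report over Sysmon-style events (added example)."""
import re

# Indicators copied from the report above.
C2_HOST, C2_PORT = "193.233.20.24", 4123
SAMPLE_HASHES = {
    "MD5": "18d7bffcf47c81ac650dec0d0f676917",
    "SHA1": "acd7b783d25c89d976e5dbdde1f963b7e8652060",
    "SHA256": "4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5",
}

# Defender Real-time Protection values (policy and non-policy hive paths). Value names are an
# assumption about what "Modifies Windows Defender Real-time Protection settings" covers.
DEFENDER_RTP_RE = re.compile(
    r"\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection|"
    r"DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)
# Sysmon renders DWORD data as "DWORD (0x00000001)"; only a non-zero value disables protection.
DWORD_NONZERO_RE = re.compile(r"DWORD \(0x0*[1-9a-f][0-9a-f]*\)", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# User-writable directories a dropper commonly stages its second stage in (assumption, not from the report).
DROPPED_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData)\\", re.IGNORECASE)


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'SHA256=...,MD5=...' Hashes field into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event):
    """Return the signature names a single Sysmon-style event satisfies."""
    hits = []
    eid = event.get("EventID")
    if eid == 13:  # RegistryEvent (Value Set)
        target, details = event.get("TargetObject", ""), event.get("Details", "")
        if DEFENDER_RTP_RE.search(target) and DWORD_NONZERO_RE.search(details):
            hits.append("Modifies Windows Defender Real-time Protection settings")
        if RUN_KEY_RE.search(target) and re.search(r"\.exe\b", details, re.IGNORECASE):
            hits.append("Adds Run key to start application")
    elif eid == 1:  # ProcessCreate
        image = event.get("Image", "")
        if DROPPED_DIR_RE.search(image) and image.lower().endswith(".exe"):
            hits.append("Executes dropped EXE")
        seen = parse_sysmon_hashes(event.get("Hashes", ""))
        if any(seen.get(algo) == digest for algo, digest in SAMPLE_HASHES.items()):
            hits.append("Known sample hash")
    elif eid == 3:  # NetworkConnect
        if event.get("DestinationIp") == C2_HOST and int(event.get("DestinationPort", 0)) == C2_PORT:
            hits.append("RedLine C2 (rumfa)")
    return hits


def hunt(events):
    """Map each signature to the indices of the events that triggered it."""
    found = {}
    for i, ev in enumerate(events):
        for sig in classify(ev):
            found.setdefault(sig, []).append(i)
    return found


# Constructed Sysmon-style events for an offline run; hostnames and file paths are invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "Hashes": "SHA256=4e15051bded00f55e7e11c08e4e27bc5ed22f1ac197fbe8d577559ff83e569f5"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\stage2.exe",
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe", "Hashes": "SHA256=" + "0" * 64},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\stage2.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\stage2.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\stage2.exe",
     "DestinationIp": "193.233.20.24", "DestinationPort": 4123},
    # Benign noise that must not fire.
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for sig, idx in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{sig}: events {idx}")
```

The registry check requires a non-zero DWORD, so a policy that re-enables protection (value 0) does not fire; the Run-key check requires the value data to reference an .exe rather than alerting on every Run write; and the C2 match is exact on host and port, so the same rule should be re-pointed if a different extraction lists a different address.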

MITRE ATT&CK Enterprise v15

Tasks