General

  • Target

    786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899

  • Size

    540KB

  • Sample

    241110-gf7w3atpdl

  • MD5

    add4034b0bf514372860318124df6ac4

  • SHA1

    7bae189860c790fbae4f46f4fdad902bebb50c2c

  • SHA256

    786135b1a60b9e7f2b3f762d9f7e577bd3c2f7291275616ab5242722965b3899

  • SHA512

    efbd0efb0b8f047d7c0819a526ae16f7e733ba0a374eff6e5fdea40d64f5f073f1c4452c48fd3fb5749cf820d84057fe4228adc5add7e2794ab09e42a642c427

  • SSDEEP

    12288:OMrpy905IC+O1y1trDtB9A9ioPn+ISpFt4QP:XyaIc1y1trZB9A9PtkwG

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes

  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks