General

  • Target

    4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601

  • Size

    557KB

  • Sample

    241110-gxydys1frf

  • MD5

    1382f20e1a1dc86783a7cb85ccd1358c

  • SHA1

    547175c9642d9cafed2f18ea26002328ff5a4a6e

  • SHA256

    4ab2385be2aafd4870224276d8d6a86271c3be57ce7467266883a1a3feedc601

  • SHA512

    f2e47bd4a29d8314503e7748a001ff3aeaf9a32d1ac55f4887f8afedb365b571643ab1369cf86b9472bd9a3402359328abf72fe3b1968a060c1baf86ff97713d

  • SSDEEP

    12288:7Mr6y908ws4RA9ZDP6qO74fPi48JfVfSp2wrJa3y:FyiHuPDP6L+8NhSp2wrJGy

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes

  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks