General

  • Target

    ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098

  • Size

    539KB

  • Sample

    241110-h8elnasdjl

  • MD5

    1c567efb98454c60824115ac1959fb50

  • SHA1

    35cac4daa87a773807f0640c58f9e273a63ade98

  • SHA256

    ebb0797f524529a57c7cf86189afbe7d61245545d2c88ae1c02eaadfbc79e098

  • SHA512

    27c64cbd5f6a182d94c95ff831129b595ae749239ff83e35c09af647f1e788841aed685cd75cc81aed3a53f919bacf63580af129eac0bb3fb212a6e7f59e9c24

  • SSDEEP

    12288:YMrty90wgCSCpVTTafqRq/e9HHie6A17Nu1hQM:FyCC7VXnce1Z6A172hL

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks