General

  • Target

    bc62c0c16d1abe90f6624d9bcc24e366b4194722fd61aa41552efec20f2ce808

  • Size

    557KB

  • Sample

    241110-rjqgasxpet

  • MD5

    68c08ac6f467907b1ecc6200c64654dd

  • SHA1

    563edc189471c8f48a5fc53b7ddd4257c3905478

  • SHA256

    bc62c0c16d1abe90f6624d9bcc24e366b4194722fd61aa41552efec20f2ce808

  • SHA512

    b3c5080302b7043243a929f0685c186a123ae5e4f35427ad1e9b3fae9bc1211c0d74d84147c9bf071dac42bd3719f2cf573f26ea71a923e0947af9a20944279f

  • SSDEEP

    12288:dMrUy90dniZVatiODfPqctVcEdRpOMGcz/CKdt0ZUsc/15ngLVJS4t1f:Byen2VSiObNtVcETpOtcG6suNgLVJSE

Malware Config

Extracted

Family

redline

Botnet

ruma

C2

193.233.20.13:4136

Attributes
  • auth_value

    647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Target

      bc62c0c16d1abe90f6624d9bcc24e366b4194722fd61aa41552efec20f2ce808

    • Size

      557KB

    • MD5

      68c08ac6f467907b1ecc6200c64654dd

    • SHA1

      563edc189471c8f48a5fc53b7ddd4257c3905478

    • SHA256

      bc62c0c16d1abe90f6624d9bcc24e366b4194722fd61aa41552efec20f2ce808

    • SHA512

      b3c5080302b7043243a929f0685c186a123ae5e4f35427ad1e9b3fae9bc1211c0d74d84147c9bf071dac42bd3719f2cf573f26ea71a923e0947af9a20944279f

    • SSDEEP

      12288:dMrUy90dniZVatiODfPqctVcEdRpOMGcz/CKdt0ZUsc/15ngLVJS4t1f:Byen2VSiObNtVcETpOtcG6suNgLVJSE

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
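
The signature list above names three behaviours a responder would want to hunt for on other hosts: Windows Defender Real-time Protection tampering (the Healer component), Run-key persistence, and traffic to the extracted RedLine C2 at 193.233.20.13:4136. The script below is an added example, not part of the Tria.ge report or the malware's own code. It scores Sysmon-style events (real Sysmon field names: EventID 1 ProcessCreate with `Hashes`, EventID 3 NetworkConnect with `DestinationIp`/`DestinationPort`, EventID 13 RegistryEvent with `TargetObject`/`Details`) against the report's indicators. The registry paths it matches are an assumption: the report only states that Real-time Protection settings are modified, so the example uses the documented Defender policy values, and the event records are constructed for illustration, not captured from this sample.

```python
"""Hunt for this report's indicators over Sysmon-style events.

Added example, not part of the Tria.ge report. Sample events are constructed;
the Defender registry paths are an assumption about where the tampering lands.
"""
import re

# Indicators copied from the report.
C2_IP, C2_PORT = "193.233.20.13", 4136
SHA256 = "bc62c0c16d1abe90f6624d9bcc24e366b4194722fd61aa41552efec20f2ce808"

# Assumption: Healer writes the documented Defender policy values. A value of 1
# disables the protection; a write of 0 (re-enable) is deliberately not flagged.
RTP_KEY = re.compile(
    r"\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection"
    r"|DisableOnAccessProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
# Any value written directly under Run or RunOnce (HKLM or a user hive).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)


def classify(event):
    """Return the report signature names that one event dict matches."""
    hits = []
    eid = event.get("EventID")
    if eid == 13:  # Sysmon RegistryEvent (value set)
        target = event.get("TargetObject", "")
        details = str(event.get("Details", "")).strip().upper()
        # Sysmon renders DWORD data as "DWORD (0x00000001)".
        if RTP_KEY.search(target) and details in ("DWORD (0X00000001)", "1"):
            hits.append("Modifies Windows Defender Real-time Protection settings")
        if RUN_KEY.search(target):
            hits.append("Adds Run key to start application")
    elif eid == 3:  # Sysmon NetworkConnect
        if event.get("DestinationIp") == C2_IP and int(event.get("DestinationPort", 0)) == C2_PORT:
            hits.append("RedLine C2 connection")
    elif eid == 1:  # Sysmon ProcessCreate; Hashes looks like "SHA256=...,MD5=..."
        if SHA256 in event.get("Hashes", "").lower():
            hits.append("Known sample executed (SHA256 match)")
    return hits


def hunt(events):
    """Map each matched signature name to the indexes of the events that fired it."""
    found = {}
    for idx, ev in enumerate(events):
        for name in classify(ev):
            found.setdefault(name, []).append(idx)
    return found


# Constructed events (not captured data); index order matters for the checks below.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "Hashes": "SHA256=BC62C0C16D1ABE90F6624D9BCC24E366B4194722FD61AA41552EFEC20F2CE808"},
    {"EventID": 13, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"EventID": 3, "DestinationIp": "193.233.20.13", "DestinationPort": 4136, "Protocol": "tcp"},
    {"EventID": 3, "DestinationIp": "93.184.216.34", "DestinationPort": 443, "Protocol": "tcp"},  # benign
    {"EventID": 13, "Details": "DWORD (0x00000000)",  # protection re-enabled: not a hit
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
]

if __name__ == "__main__":
    for name, idxs in hunt(SAMPLE_EVENTS).items():
        print(f"{name}: events {idxs}")
```

Feed real Sysmon JSON (for example from a SIEM export) to `hunt()` to triage a host; the Run-key rule is intentionally broad and will also fire on legitimate installers, so it belongs in the "needs review" bucket rather than an alert on its own, whereas the C2 and SHA256 matches are high-confidence for this sample.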

MITRE ATT&CK Enterprise v15

Tasks