General

  • Target

    2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7

  • Size

    1.3MB

  • Sample

    241111-gf9ewsxnej

  • MD5

    65ab3bb2273d32f714206f04f2269d66

  • SHA1

    7da1fd6cc9dc599c18b6ae6a6bf545a0debfaf14

  • SHA256

    2600be8464241f4e82dc1d19361a467b23760bd4d0e45a1ab8ee507fb16f1ef7

  • SHA512

    6cd5f74ffa48b1fd4590a47173074f818eb0c7ceeb1009fa085795222c9f5c97fb6057c41232527835328b2990791496359c5114ce2bb7483591359d1e20183a

  • SSDEEP

    24576:hyzyGFmXyVkOZhRKvVkvS01YK648gvwRsd7TELMR8l84y+5vjpOp/:UzdFmCmOFcm7YKUowoTR8lB5rpa

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks