General

  • Target

    061d9dff039ee5b9ec579a40414c3a2d99079b57e9dbaf7ac17701bcc8274913

  • Size

    536KB

  • Sample

    241111-gl6wysxpak

  • MD5

    4011c31e75f149437bd7e81673f5deb0

  • SHA1

    ea7acc5a4cc862c397d9442bde32cb90f85524a3

  • SHA256

    061d9dff039ee5b9ec579a40414c3a2d99079b57e9dbaf7ac17701bcc8274913

  • SHA512

    7cf1fe4c072698d9b99427b261e2000081431d91c9f4abe7df42ec1af9238ec16f0506433cd3d70e93848abaa29d8b674fd502e6dfefe9250a3d10730056d3f0

  • SSDEEP

    12288:vMrzy90CxuWI2q/psv1+h6ilHEKfihYL0kU:gyvxuWInpsv9RK+YIV

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      061d9dff039ee5b9ec579a40414c3a2d99079b57e9dbaf7ac17701bcc8274913

    • Size

      536KB

    • MD5

      4011c31e75f149437bd7e81673f5deb0

    • SHA1

      ea7acc5a4cc862c397d9442bde32cb90f85524a3

    • SHA256

      061d9dff039ee5b9ec579a40414c3a2d99079b57e9dbaf7ac17701bcc8274913

    • SHA512

      7cf1fe4c072698d9b99427b261e2000081431d91c9f4abe7df42ec1af9238ec16f0506433cd3d70e93848abaa29d8b674fd502e6dfefe9250a3d10730056d3f0

    • SSDEEP

      12288:vMrzy90CxuWI2q/psv1+h6ilHEKfihYL0kU:gyvxuWInpsv9RK+YIV

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks