General

  • Target: befd0ca460bfb5adf544be7a35d3713fd0dfd83f6f41ff2d18e58484fc8f5f87
  • Size: 481KB
  • Sample: 241111-gms2gsxpar
  • MD5: db37fbd863032078ce89d1058a2102f5
  • SHA1: 43eb4725aba7a36efe8880553d3b9e5e7de17dda
  • SHA256: befd0ca460bfb5adf544be7a35d3713fd0dfd83f6f41ff2d18e58484fc8f5f87
  • SHA512: 51426f24ddeabf1c378be2be6f52a33e410f29e4133d449047e5fb4b73aa07f4c324e057281cc2451d2f7bec7675a0013c206724c096de4f0dda2d75dc05fd52
  • SSDEEP: 12288:82IQZxjEb6ejTK/sFhckqeWZV0TVUrV6r28xoOK7kAO:PLRejTeqhckiMC/Lkl

Malware Config

Extracted

  • Family: redline
  • Botnet: rumfa
  • C2: 193.233.20.24:4123
  • Attributes
    • auth_value: 749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target: 21873ff139457de3499d5a4dee71530636bc23ac91a4d5b0ba54a2467ce67384.exe
    • Size: 532KB
    • MD5: d8993aa75f18a510cb0417b628471c6e
    • SHA1: 0db16e20aeeec0e1b4d7b9813e0ae958a236e992
    • SHA256: 21873ff139457de3499d5a4dee71530636bc23ac91a4d5b0ba54a2467ce67384
    • SHA512: f2e5582c590e79b7901978d609ab8589a5831a1837696510ab142e23d14cd62d62ce1b5f654c085ba65a74216bd52b1fd3fe1d909becd20ae5cc82dd34d55954
    • SSDEEP: 12288:yMrGy90qPpu0E7mH7w/vxreFFXGGm7XVU5r:wyPu0fwXeLm7XVar

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks