General

  • Target

    6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4N

  • Size

    683KB

  • Sample

    241111-gnhxxavcle

  • MD5

    8512096d8e5b740e6c0d051ea6ddc010

  • SHA1

    756982fcfc787c0a2e13756e3465b783044fdb5e

  • SHA256

    6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4

  • SHA512

    c1ee0216bbe83e6896febb5bac3815d01341af06f326d3261a48deef928cecf1e33b837823096db10a1d10a0fd62e1d927c2a95d399b0cc8d6c222a3517fbcbb

  • SSDEEP

    12288:VMrBy90qe56ppFFbtYc3LvvVRwgW171F9l/Kd6/lea7eK+yravHvSo+T:UyM56ppv5YcbVgvl/46Ea7eK+LvSoO

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc
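The extracted configuration above (family, botnet tag, C2 endpoint and auth value) is what a responder turns into indicators. The block below is an added example, not Triage/tria.ge code or anything recovered from the sample: it validates the C2 string, classifies a hash by length and checks it against this sample's hashes, and runs the C2 indicator over constructed Zeek-style conn.log records (the flow records, the internal 10.0.0.x hosts and the uids are made up for the example).

```python
# Added example (not Triage/tria.ge code): turn the extracted RedLine config and
# the sample hashes above into indicators and run them over constructed telemetry.
import ipaddress
from typing import Optional

# Copied from the report above.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "rumfa",
    "c2": "193.233.20.24:4123",
    "auth_value": "749d02a6b4ef1fa2ad908e44ec2296dc",
}

SAMPLE_HASHES = {
    "md5": "8512096d8e5b740e6c0d051ea6ddc010",
    "sha1": "756982fcfc787c0a2e13756e3465b783044fdb5e",
    "sha256": "6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4",
    "sha512": "c1ee0216bbe83e6896febb5bac3815d01341af06f326d3261a48deef928cecf1e33b837823096db10a1d10a0fd62e1d927c2a95d399b0cc8d6c222a3517fbcbb",
}
HASH_ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' C2 string and validate both halves."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 value: {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError for a malformed address
    port_n = int(port)
    if not 1 <= port_n <= 65535:
        raise ValueError(f"port out of range: {port}")
    return host, port_n


def match_hash(value: str) -> Optional[str]:
    """Return the algorithm name if `value` is one of this sample's hashes, else None."""
    v = value.strip().lower()
    algo = HASH_ALGO_BY_LENGTH.get(len(v))
    if algo is None or any(c not in "0123456789abcdef" for c in v):
        return None
    return algo if SAMPLE_HASHES[algo] == v else None


# Constructed Zeek conn.log records (not real telemetry). Fields, tab-separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
1731312000.1\tCabc1\t10.0.0.15\t51234\t193.233.20.24\t4123\ttcp
1731312001.2\tCabc2\t10.0.0.15\t51235\t142.250.74.78\t443\ttcp
1731312002.3\tCabc3\t10.0.0.22\t49876\t193.233.20.24\t4123\ttcp
1731312003.4\tCabc4\t10.0.0.22\t49877\t193.233.20.24\t80\ttcp
"""


def find_c2_connections(conn_log: str, c2: str) -> list:
    """Return the records whose responder is exactly the C2 host and port."""
    host, port = parse_c2(c2)
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, proto = line.split("\t")
        if resp_h == host and int(resp_p) == port and proto == "tcp":
            hits.append({"ts": float(ts), "uid": uid, "src": orig_h})
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG, REDLINE_CONFIG["c2"]):
        print(f"{hit['src']} -> RedLine C2 (botnet {REDLINE_CONFIG['botnet']}) uid={hit['uid']}")
```

Note that the record to 193.233.20.24 on port 80 is deliberately not matched: the match is on the exact host and port from the config. The C2 address is whatever this build was configured with at analysis time and RedLine infrastructure changes often, so treat the IP:port as a point-in-time indicator and keep the botnet tag and auth value as the per-build pivot when clustering related samples.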

Targets

    • Target

      6c15e0bed62a305e11108f3a4435106150513097dc535d1b0702dacb44d482c4N

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
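Three of the behaviours listed above (Executes dropped EXE, Modifies Windows Defender Real-time Protection settings, Adds Run key to start application) map directly onto host telemetry. The block below is an added example, not the sandbox's signature logic: it expresses each behaviour as a rule over a minimal view of Sysmon events 1, 11 and 13. The events, file paths, SID and process names are constructed for the example; only the Defender policy key, its value names and the Run key locations are real Windows artefacts.

```python
# Added example (not Triage/tria.ge code): the three behaviours flagged above,
# expressed as detection logic over constructed Sysmon-style events.
from dataclasses import dataclass
from typing import Optional

DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
# Values under that key whose non-zero data turns a protection component off.
DEFENDER_RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable", "DisableIOAVProtection",
}
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass
class Event:
    """Minimal view of Sysmon 1 (process create), 11 (file create), 13 (registry value set)."""
    event_id: int
    pid: int
    image: str            # process that performed the action
    target: str = ""      # 1: child image; 11: file created; 13: registry value path
    details: str = ""     # 13: value data as Sysmon renders it, e.g. "DWORD (0x00000001)"


# Constructed event stream (not sandbox output).
USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
RUN_KEY = f"HKU\\{USER_SID}\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
DROPPER = r"C:\Users\u\Downloads\sample.exe"
DROPPED = r"C:\Users\u\AppData\Local\Temp\svc.exe"
EVENTS = [
    Event(11, 1000, DROPPER, target=DROPPED),
    Event(1, 1000, DROPPER, target=DROPPED),
    Event(13, 1001, DROPPED, target=DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", details="DWORD (0x00000001)"),
    Event(13, 1001, DROPPED, target=DEFENDER_RTP_KEY + r"\DisableBehaviorMonitoring", details="DWORD (0x00000001)"),
    Event(13, 1001, DROPPED, target=RUN_KEY + "\\svc", details=DROPPED),
    # Benign noise: an installed updater registering itself, and a value being set back to 0.
    Event(13, 2000, r"C:\Program Files\Vendor\updater.exe", target=RUN_KEY + "\\VendorUpdater", details=r"C:\Program Files\Vendor\updater.exe"),
    Event(13, 2001, r"C:\Windows\System32\svchost.exe", target=DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", details="DWORD (0x00000000)"),
]


def executes_dropped_exe(events) -> list:
    """Process creation whose image was written earlier in the same stream (event 11)."""
    created, hits = set(), []
    for e in events:
        if e.event_id == 11:
            created.add(e.target.lower())
        elif e.event_id == 1 and e.target.lower() in created:
            hits.append((e.image, e.target))
    return hits


def _dword(details: str) -> Optional[int]:
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None for any other value type."""
    if details.startswith("DWORD (0x") and details.endswith(")"):
        return int(details[len("DWORD (0x"):-1], 16)
    return None


def disables_defender_rtp(events) -> list:
    """Registry writes that set a Real-Time Protection kill switch to non-zero.
    A non-DWORD value type is unexpected there and is flagged as well."""
    hits = []
    for e in events:
        if e.event_id != 13 or not e.target.startswith(DEFENDER_RTP_KEY + "\\"):
            continue
        value_name = e.target.rsplit("\\", 1)[1]
        if value_name in DEFENDER_RTP_DISABLE_VALUES and _dword(e.details) != 0:
            hits.append((e.image, value_name))
    return hits


def run_key_persistence(events) -> list:
    """Registry writes under Run/RunOnce; a command in a user-writable path is the stronger signal."""
    hits = []
    for e in events:
        if e.event_id != 13 or not any(m in e.target.lower() for m in RUN_KEY_MARKERS):
            continue
        hits.append({
            "value": e.target.rsplit("\\", 1)[1],
            "command": e.details,
            "writer": e.image,
            "user_writable_path": any(p in e.details.lower() for p in USER_WRITABLE),
        })
    return hits


def triage(events) -> dict:
    """Run all three rules; keep only Run-key entries that point into user-writable locations."""
    return {
        "executes_dropped_exe": executes_dropped_exe(events),
        "modifies_defender_rtp": disables_defender_rtp(events),
        "run_key_persistence": [h for h in run_key_persistence(events) if h["user_writable_path"]],
    }


if __name__ == "__main__":
    for name, findings in triage(EVENTS).items():
        print(name, findings)
```

The dropped-EXE rule only fires when the file-create and process-create events are seen in order in one stream, which is how a sandbox observes them; on a fleet you would key the same correlation on hash or path per host. Where Windows Defender Tamper Protection is enabled those policy values no longer take effect, but the write attempt is still worth alerting on, since a legitimate process has no reason to set them.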
