General

  • Target

    c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b

  • Size

    1.2MB

  • Sample

    241111-hf6vfaykcj

  • MD5

    ad7a098b64e793c263ab703b0b1a4d51

  • SHA1

    ed3954dcb76532ab6c2b1c7dd3457ec636228260

  • SHA256

    c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b

  • SHA512

    b6ebe52a4bc096f0e981c6f09af3d423087417f5fa96840d66b882f462bcc397bf256f0c0c8820007b87429687d92cf9e30036600a921726967cc8be72aec5e5

  • SSDEEP

    24576:nyFfwub9MNwYUooFzBZVaBosAAeVDFGP0krpq8x7xZ:yOq96wQoBKo11DEcoqq

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc
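The only actionable network indicator in the extracted config is the C2 endpoint. The script below turns it into a hunt over Zeek conn.log records and grades hits by whether the port also matches. This is an added example, not part of the sandbox report or of any RedLine tooling; only the C2 value comes from the page, and the log lines are constructed.

```python
"""Sweep Zeek conn.log lines for the RedLine C2 extracted above.

Added example, not part of the sandbox report. Only REDLINE_C2 comes from the
page; the conn.log excerpt is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Iterator

# From the report's "Malware Config" section.
REDLINE_C2 = ["193.233.20.24:4123"]


@dataclass(frozen=True)
class C2:
    ip: str
    port: int


def parse_c2(entry: str) -> C2:
    """Parse 'ip:port'; an invalid address raises so a bad hunt list fails loudly."""
    host, _, port = entry.rpartition(":")
    ipaddress.ip_address(host)
    return C2(host, int(port))


def parse_zeek_tsv(text: str) -> Iterator[dict]:
    """Yield one dict per record, using the '#fields' header so column order is not assumed."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record before #fields header")
            yield dict(zip(fields, line.split("\t")))


def hunt_conn_log(text: str, c2s: list) -> list:
    """Return hits. An exact ip:port match is high confidence; the same IP on a
    different port is medium, since a C2 host may serve other builds on other ports."""
    by_ip = {}
    for c2 in c2s:
        by_ip.setdefault(c2.ip, set()).add(c2.port)
    hits = []
    for rec in parse_zeek_tsv(text):
        ports = by_ip.get(rec["id.resp_h"])
        if ports is None:
            continue
        hits.append({
            "uid": rec["uid"],
            "src": rec["id.orig_h"],
            "dst": f'{rec["id.resp_h"]}:{rec["id.resp_p"]}',
            "confidence": "high" if int(rec["id.resp_p"]) in ports else "medium",
        })
    return hits


# Constructed conn.log excerpt: one direct C2 session, one benign TLS session,
# and one attempt to the C2 host on a different port.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state\n"
    "1731300000.123\tCAbc1\t10.0.0.15\t51234\t193.233.20.24\t4123\ttcp\t-\tSF\n"
    "1731300001.456\tCdef2\t10.0.0.15\t51235\t142.250.74.46\t443\ttcp\tssl\tSF\n"
    "1731300002.789\tCghi3\t10.0.0.22\t51236\t193.233.20.24\t8080\ttcp\t-\tS0\n"
)

if __name__ == "__main__":
    for hit in hunt_conn_log(SAMPLE_CONN_LOG, [parse_c2(e) for e in REDLINE_C2]):
        print(hit)
```

Point the script at a real conn.log by reading the file into `hunt_conn_log`; the header-driven parser copes with the extra columns Zeek emits by default. The auth_value and botnet name are campaign identifiers useful for clustering samples, not network indicators, so they are left out of the hunt.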

Targets

    • Target

      c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b

    • Size

      1.2MB

    • MD5

      ad7a098b64e793c263ab703b0b1a4d51

    • SHA1

      ed3954dcb76532ab6c2b1c7dd3457ec636228260

    • SHA256

      c2f4e9915a08fd1e0d88a1c696f836f6dbaceafac73fabe53bdd528ce72b6b0b

    • SHA512

      b6ebe52a4bc096f0e981c6f09af3d423087417f5fa96840d66b882f462bcc397bf256f0c0c8820007b87429687d92cf9e30036600a921726967cc8be72aec5e5

    • SSDEEP

      24576:nyFfwub9MNwYUooFzBZVaBosAAeVDFGP0krpq8x7xZ:yOq96wQoBKo11DEcoqq

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
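The signatures above describe host behaviour: Defender real-time protection being switched off, a Run key pointing at the payload, and a dropped executable being launched. The script below expresses those three as detection logic over Sysmon-style events, correlating a FileCreate with the later ProcessCreate of the same path and ignoring a benign Run-key write from System32. This is an added example, not the sandbox's own signature code; the events are constructed, and the field names follow Sysmon (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryEvent SetValue).

```python
"""Detection logic for the behaviours in the signature list above, run over
Sysmon-style events.

Added example, not the sandbox's own signatures. SAMPLE_EVENTS are constructed."""
import re

# Directories a legitimate autostart entry rarely lives in.
SUSPICIOUS_DIRS = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# Policy values under Real-Time Protection that switch Defender features off.
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)

# ATT&CK Enterprise technique IDs for the behaviours that map cleanly.
TECHNIQUE = {
    "defender_rtp_disabled": "T1562.001",  # Impair Defenses: Disable or Modify Tools
    "run_key_persistence": "T1547.001",    # Registry Run Keys / Startup Folder
    "dropped_exe_executed": None,          # behaviour only, no single technique
}


def detect(events: list) -> list:
    """Return one finding per matched behaviour. Events must be in time order so a
    FileCreate can be correlated with the ProcessCreate that follows it."""
    written = set()
    findings = []

    def emit(rule, event, detail):
        findings.append({"rule": rule, "technique": TECHNIQUE[rule],
                         "image": event.get("Image"), "detail": detail})

    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            written.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in written:
            emit("dropped_exe_executed", ev, ev["Image"])
        elif eid == 13 and ev.get("EventType") == "SetValue":
            target, details = ev["TargetObject"], ev.get("Details", "")
            # Sysmon renders DWORD data as "DWORD (0x00000001)"; 1 means disabled.
            if DEFENDER_RTP.search(target) and details.lower() == "dword (0x00000001)":
                emit("defender_rtp_disabled", ev, target)
            elif RUN_KEY.search(target) and SUSPICIOUS_DIRS.search(details):
                emit("run_key_persistence", ev, f"{target} -> {details}")
    return findings


# Constructed event stream: a downloaded file drops and runs a second EXE, which
# disables Defender real-time monitoring and installs a Run key for itself.
DROPPED = r"C:\Users\victim\AppData\Local\Temp\svc.exe"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED,
     "ParentImage": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": 13, "EventType": "SetValue", "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue", "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": DROPPED},
    # Benign: Windows maintaining its own Run value from System32 is not flagged.
    {"EventID": 13, "EventType": "SetValue", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The Defender check keys on the policy path rather than on a specific value name so that the related DisableBehaviorMonitoring and DisableIOAVProtection writes are caught by the same rule; the Run-key check deliberately requires a suspicious target path, since Run-key writes by installers are common and alerting on all of them buries the real hit.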

MITRE ATT&CK Enterprise v15

Tasks