General

  • Target

    8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf

  • Size

    535KB

  • Sample

    241111-hjns2aykfn

  • MD5

    763d82706320303a38fcd016715ddfe7

  • SHA1

    b4551cfe898e76d603cad5f51f0283c3d0ff39c0

  • SHA256

    8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf

  • SHA512

    b637862b17ef101f3d5cc90ed55927b0e4dc954198b744e7b4bfc7ed4bceab63290e7a22c528d9328c7e50a1dbfafb68b78fe4cb59163ce105afeaa7ae820ed7

  • SSDEEP

    6144:Kiy+bnr+xp0yN90QE5RdqVKo8IntDHJCOOv3nroaF4FXjCcKfyQA1TFurko14qo9:2MrVy90rqVJt8L3rn6FXmctx5DcUt

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      8991654af5fccfd9e8cd36fcc642d9aae48e3c011d9b3b49597a1415a39bd6cf

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks