General

  • Target

    20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe

  • Size

    1.2MB

  • Sample

    241111-hkmx5avgrh

  • MD5

    ce48174683e6c20aed39934908d2a3f2

  • SHA1

    129c0265a97dbfe90339fd598af55231849a008f

  • SHA256

    5142102c7da0f3090d6d7a8bc6021dd11d64bcc3040e884514db25148f7f84ec

  • SHA512

    f3e6a9faedd2d6c5b00745e36db753edd74a788170680b6e2f8b02baac44045f25e3d9c4981f417f1d002650c886bdc842c3c9304c4b9e1d66ef17117bf8fdeb

  • SSDEEP

    24576:dyilyisGwlWiclUxeZDw8AWQ0KXsp/DzlI5nI57HCL43hpbexpk7Z7w0RyC2P0:4iljsM7lUxgW2KYlSI5uwhpbexi7ZM0/

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe

    • Size

      1.2MB

    • MD5

      ce48174683e6c20aed39934908d2a3f2

    • SHA1

      129c0265a97dbfe90339fd598af55231849a008f

    • SHA256

      5142102c7da0f3090d6d7a8bc6021dd11d64bcc3040e884514db25148f7f84ec

    • SHA512

      f3e6a9faedd2d6c5b00745e36db753edd74a788170680b6e2f8b02baac44045f25e3d9c4981f417f1d002650c886bdc842c3c9304c4b9e1d66ef17117bf8fdeb

    • SSDEEP

      24576:dyilyisGwlWiclUxeZDw8AWQ0KXsp/DzlI5nI57HCL43hpbexpk7Z7w0RyC2P0:4iljsM7lUxgW2KYlSI5uwhpbexi7ZM0/

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
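The hashes, the RedLine C2 and the behaviours in the signature list above are exactly what a responder turns into a hunt. The following is an added example, not part of the sandbox report or its tooling: it takes those indicators and matches them against Sysmon-style event lines. The event lines are constructed for illustration (a '|'-separated key=value format so paths with spaces survive), and the registry locations used for "Modifies Windows Defender Real-time Protection settings" (the DisableRealtimeMonitoring policy value) and "Adds Run key to start application" (a value under ...\CurrentVersion\Run) are assumptions, since the report names the behaviours but not the exact keys this sample wrote.

```python
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "MD5": "ce48174683e6c20aed39934908d2a3f2",
    "SHA1": "129c0265a97dbfe90339fd598af55231849a008f",
    "SHA256": "5142102c7da0f3090d6d7a8bc6021dd11d64bcc3040e884514db25148f7f84ec",
}
REDLINE_C2 = ("193.233.20.24", "4123")

# Assumed registry locations for the two behaviours named in the signature list;
# the report states the behaviour, not the exact value the sample wrote.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
DEFENDER_RT_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring$", re.I
)


def parse_event(line):
    """Parse a '|'-separated key=value event line into a dict."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def parse_hashes(hashes_field):
    """Sysmon writes Hashes as 'MD5=...,SHA256=...'; return {ALGO: lowercase hex}."""
    out = {}
    for item in hashes_field.split(","):
        algo, sep, digest = item.partition("=")
        if sep:
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def classify(event):
    """Return the indicator tags an event matches (empty list if none)."""
    tags = []
    eid = event.get("EventID")
    if eid == "1":  # process creation: compare any reported hash with the sample's
        hashes = parse_hashes(event.get("Hashes", ""))
        if any(hashes.get(algo) == digest for algo, digest in SAMPLE_HASHES.items()):
            tags.append("known_sample_hash")
    elif eid == "3":  # network connection: exact C2 ip:port from the extracted config
        if (event.get("DestinationIp"), event.get("DestinationPort")) == REDLINE_C2:
            tags.append("redline_c2_connection")
    elif eid == "13":  # registry value set: Defender real-time protection and Run key
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if DEFENDER_RT_RE.search(target) and details.endswith("(0x00000001)"):
            tags.append("defender_realtime_disabled")
        if RUN_KEY_RE.search(target):
            tags.append("run_key_persistence")
    return tags


def scan(lines):
    """Map the index of every matching line to its tags; non-matching lines are omitted."""
    findings = {}
    for idx, line in enumerate(lines):
        tags = classify(parse_event(line))
        if tags:
            findings[idx] = tags
    return findings


# Constructed sample events (not taken from the sandbox run).
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Users\\victim\\Downloads\\20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe"
    "|Hashes=MD5=CE48174683E6C20AED39934908D2A3F2,SHA256=5142102C7DA0F3090D6D7A8BC6021DD11D64BCC3040E884514DB25148F7F84EC",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe"
    "|Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000",
    "EventID=3|Image=C:\\Users\\victim\\Downloads\\20cd183570155f14057bdc2ea18e7198d65c5cb4042dfe55d87b575f2007e015N.exe"
    "|Protocol=tcp|DestinationIp=193.233.20.24|DestinationPort=4123",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|Protocol=tcp|DestinationIp=140.82.112.4|DestinationPort=443",
    "EventID=13|TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000001)",
    "EventID=13|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details=C:\\Users\\victim\\AppData\\Roaming\\Updater.exe",
]

if __name__ == "__main__":
    for idx, tags in scan(SAMPLE_EVENTS).items():
        print(idx, tags)
```

The hash match is the only indicator tied to this exact file; the C2 ip:port and the two registry behaviours generalise to other RedLine builds and to other droppers, so in practice the network and registry checks are the ones worth keeping after this sample is repacked.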
