General

  • Target

    106b07336fcbdf00f7522cff242b50edd938dc71b73af7adca9a6a18c6fef850N.exe

  • Size

    885KB

  • Sample

    241112-x26twssmhp

  • MD5

    0053ee17adfc32f59d028a9531205b20

  • SHA1

    7f408a7fd9bd6597b20ec38557b24d0f6c6c8609

  • SHA256

    106b07336fcbdf00f7522cff242b50edd938dc71b73af7adca9a6a18c6fef850

  • SHA512

    b2b5da4b250c0ba14a82a4c65689df70117776f9ad1e9d9207d564adcac296a9667b84137a99349cbe7df3d347996f1eef5484c660d56f0163a965fc6e2223a3

  • SSDEEP

    24576:0yZhfTH0ivuMxIiB7UEu2od5vyCsGTTMucq:DzfTHJfU3qATY9

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes

  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks