General

  • Target

    60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81cN

  • Size

    388KB

  • Sample

    241113-zmm5caslbr

  • MD5

    506fcdb16512553b1b27c4a76dcf1ba0

  • SHA1

    0015eb0281d2e8d05284717ecf1026196e84a53a

  • SHA256

    60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81c

  • SHA512

    2244b44f9583d22680b5d2c46760066711f05cc1fa125e3279d883170ef80ba7241d4a00d82cf3fb914df9d332650d2f5f64e2919ebb0886211f1df9a43438a7

  • SSDEEP

    6144:Kiy+bnr+gp0yN90QEhy8iiv8JPp40xxnR8urDr+5Gs6glFn874C0Q:eMrQy90HiivAp40R8uTxs6M87p

Malware Config

Extracted

Family

redline

Botnet

rumfa

C2

193.233.20.24:4123

Attributes
  • auth_value

    749d02a6b4ef1fa2ad908e44ec2296dc

Targets

    • Target

      60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81cN

    • Size

      388KB

    • MD5

      506fcdb16512553b1b27c4a76dcf1ba0

    • SHA1

      0015eb0281d2e8d05284717ecf1026196e84a53a

    • SHA256

      60fffd562a2de5f2b20d57aafad2c18f562285da3c984ffe2c5b819c556fd81c

    • SHA512

      2244b44f9583d22680b5d2c46760066711f05cc1fa125e3279d883170ef80ba7241d4a00d82cf3fb914df9d332650d2f5f64e2919ebb0886211f1df9a43438a7

    • SSDEEP

      6144:Kiy+bnr+gp0yN90QEhy8iiv8JPp40xxnR8urDr+5Gs6glFn874C0Q:eMrQy90HiivAp40R8uTxs6M87p

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks