General

  • Target

    f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813

  • Size

    569KB

  • Sample

    240310-cgtnlshc66

  • MD5

    4f1dd109b89b8c1010efc44389e1c573

  • SHA1

    98480974e1f6d442b2029cb01ad94fdc82677c2d

  • SHA256

    f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813

  • SHA512

    f32b662fd57867f44a733da8c39a419380d0e64903914ff18043f08fecff0e7ba1a7739df0df37c4ee70de0d2d380484fa805bc0a22a1803a4ca0adc0b250ff8

  • SSDEEP

    12288:CMrfy90Fahimz7AuxqVjcVB0QvDEsZ+ta5y+h:1yEsVAuxYjcwWLka5yW

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813

    • Size

      569KB

    • MD5

      4f1dd109b89b8c1010efc44389e1c573

    • SHA1

      98480974e1f6d442b2029cb01ad94fdc82677c2d

    • SHA256

      f70eeb0cef69b27b04f9cdeffff793fec8e5a52949baa850aee6d36722aec813

    • SHA512

      f32b662fd57867f44a733da8c39a419380d0e64903914ff18043f08fecff0e7ba1a7739df0df37c4ee70de0d2d380484fa805bc0a22a1803a4ca0adc0b250ff8

    • SSDEEP

      12288:CMrfy90Fahimz7AuxqVjcVB0QvDEsZ+ta5y+h:1yEsVAuxYjcwWLka5yW

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks