General

  • Target

    803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78

  • Size

    385KB

  • Sample

    241104-12e8qaxpf1

  • MD5

    f29e78bd40508ba6dcdd1512b62c5837

  • SHA1

    f322f1d8e203b90130df36d5d4aad84f9a458492

  • SHA256

    803338b1e104deb45fd36a673ffc97dfbfb67d9aafb6f9cb4272dc38c9ff9a78

  • SHA512

    58f5141f7780e5f7845cf020b6daca55969d739475813d9ffa9172655c5bbae4ad998177b33951e28590ccdc34e32e78426d376c4e873047f821661e7db2c7ba

  • SSDEEP

    6144:Kfy+bnr+Np0yN90QEAPtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN7:tMrBy90MtBLBt/cwlsWzTEItpi1X0G

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks