General

  • Target

    77c87014900d5c913ad33be14bdc5c18bc4b25865d32facac8c15aaf1aeaeac3

  • Size

    875KB

  • Sample

    241104-12xg1aybqg

  • MD5

    df349954609a18ad12fe2e61b93654ed

  • SHA1

    0fdc11f7782070d8cec6f5a48c69c060e9d966e1

  • SHA256

    77c87014900d5c913ad33be14bdc5c18bc4b25865d32facac8c15aaf1aeaeac3

  • SHA512

    92d19b136857a10f89536495bfa3056087969d51891a1a54ebf03c2f1b269119e4f42e4ceb9715e84ad9975a5cb643f8d75ccad46e2828254fae4becb445a43c

  • SSDEEP

    24576:kyBKRR4xmNrR/8eoiQnse9kPC0FpgmSdjaCSlp:zXxeqx5NAC0AmSNaCe

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks