General

  • Target

    afc450850caa5203ab5d3db3b0c232d7bc4c341987fb3fee525fb61331c0a68f

  • Size

    569KB

  • Sample

    241104-13lf5ayfjq

  • MD5

    45810a1719972d93dc7a5b28593427c0

  • SHA1

    b37e911193a3332ac4358c275658d1781a7e6435

  • SHA256

    afc450850caa5203ab5d3db3b0c232d7bc4c341987fb3fee525fb61331c0a68f

  • SHA512

    a536131e0e9e7988ada51b2436bf7ff46857bbd69f29500da9c7c07ae731de4cdfd3666b755159144be87c2480336ba7f56cc2a99e4fc19280e34b14c73a7609

  • SSDEEP

    12288:EMrMy90bahimz7AuxqVhcxCpyPYF7xZ8yFePPo:IyasVAuxYKxCom7xqyQo

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      afc450850caa5203ab5d3db3b0c232d7bc4c341987fb3fee525fb61331c0a68f

    • Size

      569KB

    • MD5

      45810a1719972d93dc7a5b28593427c0

    • SHA1

      b37e911193a3332ac4358c275658d1781a7e6435

    • SHA256

      afc450850caa5203ab5d3db3b0c232d7bc4c341987fb3fee525fb61331c0a68f

    • SHA512

      a536131e0e9e7988ada51b2436bf7ff46857bbd69f29500da9c7c07ae731de4cdfd3666b755159144be87c2480336ba7f56cc2a99e4fc19280e34b14c73a7609

    • SSDEEP

      12288:EMrMy90bahimz7AuxqVhcxCpyPYF7xZ8yFePPo:IyasVAuxYKxCom7xqyQo

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer, an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
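The signatures above (Defender real-time protection tampering, Run-key persistence, execution of a dropped EXE) together with the extracted C2 make a compact hunt. The following is an added example, not code from the sandbox or from this report: it runs those checks over a few constructed Sysmon-style log lines. Only the C2 address and the sample SHA256 are taken from the report; the log format, file names (invoice.exe, IXP000.TMP, upd.exe) and the specific Defender value names are assumptions used to make the demo run.

```python
"""Hunt for the behaviours and IOCs listed in this RedLine report over
constructed Sysmon-style events.  Added example; not from the report.

Assumed log format (invented for the demo):  event_id|Field=value|Field=value
Event IDs follow Sysmon: 1 = ProcessCreate, 3 = NetworkConnect, 13 = RegistryEvent.
"""
import re

# --- IOCs copied from the report ---
C2_HOST = "193.233.20.28"
C2_PORT = "4125"
SAMPLE_SHA256 = "afc450850caa5203ab5d3db3b0c232d7bc4c341987fb3fee525fb61331c0a68f"

# --- Registry locations (standard Windows paths, not taken from the report) ---
# Values under Real-Time Protection that a Healer-style dropper sets to 1.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
DEFENDER_KEY_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\(\w+)$", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)

# Constructed sample telemetry (paths and file names are hypothetical).
SAMPLE_LOG = r"""
13|Image=C:\Users\u\AppData\Local\Temp\IXP000.TMP\a.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)
13|Image=C:\Windows\explorer.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000002)
13|Image=C:\Users\u\AppData\Local\Temp\IXP000.TMP\a.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\u\AppData\Roaming\upd.exe
1|Image=C:\Users\u\Downloads\invoice.exe|Hashes=SHA256=afc450850caa5203ab5d3db3b0c232d7bc4c341987fb3fee525fb61331c0a68f
3|Image=C:\Users\u\AppData\Roaming\upd.exe|DestinationIp=193.233.20.28|DestinationPort=4125
3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=140.82.112.3|DestinationPort=443
"""


def parse_event(line):
    """Turn one 'id|Key=value|...' line into a dict; values may contain '='."""
    event_id, *fields = line.split("|")
    ev = {"EventID": int(event_id)}
    for field in fields:
        key, _, value = field.partition("=")
        ev[key] = value
    return ev


def classify(ev):
    """Return the report signature this event matches, or None."""
    eid = ev["EventID"]
    if eid == 13:
        target = ev.get("TargetObject", "")
        m = DEFENDER_KEY_RE.search(target)
        # Defender value being set to 1 = protection switched off.
        if m and m.group(1).lower() in DEFENDER_RTP_VALUES \
                and "0x00000001" in ev.get("Details", ""):
            return "Modifies Windows Defender Real-time Protection settings"
        if RUN_KEY_RE.search(target):
            return "Adds Run key to start application"
    elif eid == 1:
        if SAMPLE_SHA256 in ev.get("Hashes", "").lower():
            return "Known RedLine sample executed"
    elif eid == 3:
        if ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == C2_PORT:
            return "Connection to RedLine C2 %s:%s" % (C2_HOST, C2_PORT)
    return None


def hunt(log_text):
    """Classify every non-empty line; return [(signature, process image)] in log order."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        sig = classify(ev)
        if sig:
            hits.append((sig, ev.get("Image", "")))
    return hits


if __name__ == "__main__":
    for sig, image in hunt(SAMPLE_LOG):
        print("%-55s <- %s" % (sig, image))
```

The Defender check only fires when the value is actually set to 1; a benign tool reading or resetting the key to 0 is ignored, which keeps the rule usable on real telemetry. The C2 match is deliberately exact on host and port, since 193.233.20.28 may serve other bots on other ports and a broader rule would need its own evidence.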

MITRE ATT&CK Enterprise v15

Tasks