General

  • Target

    fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e

  • Size

    875KB

  • Sample

    241104-q2e8lszhlg

  • MD5

    1c554b64550fd91edf02aa244c3c92bb

  • SHA1

    208150956f636668db1c8f92be5f16b48f035466

  • SHA256

    fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e

  • SHA512

    e9b7e702c7ea87b31786d232ff561deba624386a61f91366ae24f7bb3cac84b744bbe26b628286fbe72ef7d1243a8f83cf9b7aa60dbef9c80610fb6fdb52ab69

  • SSDEEP

    24576:PyVPjvuwLdrNUdT2hL1utQS1HSDJTeizDoP:aVbvuIxUshL1AHSdT

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e

    • Size

      875KB

    • MD5

      1c554b64550fd91edf02aa244c3c92bb

    • SHA1

      208150956f636668db1c8f92be5f16b48f035466

    • SHA256

      fc3de59498636a4cd9b697f2fa078037e4d69e4470c7d97049d30c2c5bf3e85e

    • SHA512

      e9b7e702c7ea87b31786d232ff561deba624386a61f91366ae24f7bb3cac84b744bbe26b628286fbe72ef7d1243a8f83cf9b7aa60dbef9c80610fb6fdb52ab69

    • SSDEEP

      24576:PyVPjvuwLdrNUdT2hL1utQS1HSDJTeizDoP:aVbvuIxUshL1AHSdT

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks