General

  • Target

    70396a539c70e4e02b8a28a1e054e559e6f5a2dba81eb888eb46ddca2a4c70e5

  • Size

    788KB

  • Sample

    241104-q37dgs1dkl

  • MD5

    31f99726925bd5d92264b67fd39ed7ed

  • SHA1

    b71499baa902447f1cc7091f3b0f55e0961f5219

  • SHA256

    70396a539c70e4e02b8a28a1e054e559e6f5a2dba81eb888eb46ddca2a4c70e5

  • SHA512

    bb5ec28076d4166f43413c3251f3357a5fa3fa7424ed86aeba52f32c14c3e504fb55f3739dd68b3dcc1f5252e9f61a7303012f7ec3dfe77fa86ce8bd3470dbd0

  • SSDEEP

    24576:qyH8+/6bX67ANznJTTVLiFNe+8T4A/Gau:xv/f7AN9TpL8Nw/

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15