General

  • Target

    e56b831b3a8709fcfafb0436cf0659623a277cfc7901d3eb588225b67119ab62

  • Size

    695KB

  • Sample

    241104-qqqj7s1blm

  • MD5

    569cc46df2287d34db748c1e1692e889

  • SHA1

    7e793077eee94fb696ce60a9a0896293b513acc2

  • SHA256

    e56b831b3a8709fcfafb0436cf0659623a277cfc7901d3eb588225b67119ab62

  • SHA512

    8bb63f615daefe491068191998b090dd087216ab52797cf382ae198a4a1fbc45b27a2573ce9d17cab048975b2fe1cbcc9781ff46566393b718357bccacfec264

  • SSDEEP

    12288:iMrey907kf0Vk5KTvuHoVK2+ctig0wiyc/ED/0mQsc2zjsVr1gIeT:QyHMVk8T2HUb+ctigoy5YmDc2zi+IeT

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks