General

  • Target

    d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf

  • Size

    844KB

  • Sample

    241104-rdcy1szngt

  • MD5

    e09ec808260796c871905a00d51c3982

  • SHA1

    8a8e3ab0e7a0ec83acbfc8d36c81050e85c4128c

  • SHA256

    d6bdd561653f82441a9f219b653d3a112cb33b7b0267117f4ef5f44c1bb478bf

  • SHA512

    e5c79be56cc8916f9a06382a086c64f57ff3d2382a0315fff26d5d569de1c12ce2df1338b52971b584c1eec481299dc2ce84ff9b4b2f29d0a663f204320294fa

  • SSDEEP

    24576:5yTmHos3wCAV0v8qDvFW5XI+1Tmc+U3jrq37Wy7IM:sTN4nDvn9W5XI5c33jTV

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks