General

  • Target

    f601eb82f705e56ff54fc426fd2b6ff36af7822a10e3ba611793023dfc0a9b0a

  • Size

    787KB

  • Sample

    241104-zj17ssxanh

  • MD5

    1fa89a675e8885491386cb427ee254a0

  • SHA1

    6d0663f013a81f6429294f2f6dd0c9fbc5dd33de

  • SHA256

    f601eb82f705e56ff54fc426fd2b6ff36af7822a10e3ba611793023dfc0a9b0a

  • SHA512

    2b25354a31252ed4ce02608cf1a78fb983344eab9a41e2f2da5547de88f15b4c1f8bcf077b79f19b80a7b43b3582c589bfbb70dce02a34480043c7e0baa0cc04

  • SSDEEP

    12288:4Mriy90ZWnmDmC/cOW2xDTNlxZadKnS6TaLeWTdv0OBvU9R8Dim:qy/RCUOW2nfZaKvTm5hv0OBYuDim

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks