General

  • Target

    42d5ae642d722c8051abffd1f6f76070f019f65838c05dd7f2a283933ff17f56

  • Size

    546KB

  • Sample

    241104-zjlgcaxdpl

  • MD5

    8859ac0f59cb09d50918dc2455c8f387

  • SHA1

    5c44b6741609da3c3fd73133d0b2307fd1372fc4

  • SHA256

    42d5ae642d722c8051abffd1f6f76070f019f65838c05dd7f2a283933ff17f56

  • SHA512

    6b9e955713fff2515816b275992f3069ee626f75a3a216dba1d95e279e8101a2568d62f8eb63c0ad4697c51c71bb21b5fc2cab287b8882243e7fa0ea2b032e4e

  • SSDEEP

    12288:VMrAy90VskWVrukclSnsYemJidajIYaqAE2B8U:1yIuVrpcrhijIYaqAjP

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      42d5ae642d722c8051abffd1f6f76070f019f65838c05dd7f2a283933ff17f56

    • Size

      546KB

    • MD5

      8859ac0f59cb09d50918dc2455c8f387

    • SHA1

      5c44b6741609da3c3fd73133d0b2307fd1372fc4

    • SHA256

      42d5ae642d722c8051abffd1f6f76070f019f65838c05dd7f2a283933ff17f56

    • SHA512

      6b9e955713fff2515816b275992f3069ee626f75a3a216dba1d95e279e8101a2568d62f8eb63c0ad4697c51c71bb21b5fc2cab287b8882243e7fa0ea2b032e4e

    • SSDEEP

      12288:VMrAy90VskWVrukclSnsYemJidajIYaqAE2B8U:1yIuVrpcrhijIYaqAjP

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks