General

  • Target

    1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03

  • Size

    860KB

  • Sample

    241109-1g2afsvrhl

  • MD5

    9c881146a96f4b1060923c21c059f498

  • SHA1

    8c5a678df7d8d3dd540e4f8331d79b29ddf15de6

  • SHA256

    1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03

  • SHA512

    56c64c364a196b74ab2e91e802d3ae7458bcb4cc2656a5ebf430a17344069e2f885af18d71466d60f045e0f5a3acd5f0620514c1e51bd0a170c3b561d15c0c25

  • SSDEEP

    12288:aMrmy90biflOnzcioY+dg6aWAC6s4RtghUSWaYt6ktucb1gsNpL3yRqF4M4h1fr7:EyG8Ct+5ANRtZSW9bTTb3yRW4h1fre8

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03

    • Size

      860KB

    • MD5

      9c881146a96f4b1060923c21c059f498

    • SHA1

      8c5a678df7d8d3dd540e4f8331d79b29ddf15de6

    • SHA256

      1c94d07415f567eb93b4811156534a9832220631950fe04220dabfc29e78ce03

    • SHA512

      56c64c364a196b74ab2e91e802d3ae7458bcb4cc2656a5ebf430a17344069e2f885af18d71466d60f045e0f5a3acd5f0620514c1e51bd0a170c3b561d15c0c25

    • SSDEEP

      12288:aMrmy90biflOnzcioY+dg6aWAC6s4RtghUSWaYt6ktucb1gsNpL3yRqF4M4h1fr7:EyG8Ct+5ANRtZSW9bTTb3yRW4h1fre8

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks