General

  • Target

    9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb

  • Size

    860KB

  • Sample

    241109-ea3daaxapm

  • MD5

    34039017a018ff1d89f26ad5738c02d6

  • SHA1

    ed716e986f736f5b83c661344f076d2c30799652

  • SHA256

    9c4361fac3abdda0b810282189465be9e5e362740270be14864ff7d65d479edb

  • SHA512

    3624b669c7f83439d4fa4d71da26ded5de6e6bdaea103a0456a6645cdf7279025549bdefc09cf49d102bf4b0bb8b82f4c5acd3229163e8dfbbcd327fbdcfdbdc

  • SSDEEP

    24576:8ycbjKB9NSH5SWSDIyk+/N/3xywYhfSp2Q+:rYUSH8WSDIm/3x

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks