General

  • Target

    f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808

  • Size

    792KB

  • Sample

    241109-eg774szlcp

  • MD5

    dfa9f5926e4e1fc060084da98d60bd6e

  • SHA1

    e40153355589f03e407caa0e40b85ab2d696146c

  • SHA256

    f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808

  • SHA512

    f6c8047af141ce03023bf7143c56217d3fdb44b155ff8e54dd41f3375c3a25cf4522564139d80454bfe63f9c37a8f3b09493262f68baa7f8e56b32ae8ec0e518

  • SSDEEP

    12288:sMrAy90YWFmzMqhj8qP7OJxNY5VIM+dJyR53LYac80SS1JHjA8Wr9rjXVdtcLrVT:UywFQMWP7qNYkM+GrLtFKjv4rhTcvVT

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23
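The extracted configuration above (family, botnet name, C2 endpoint) and the digests in the General section are the parts of this report a defender actually consumes. The following is an added example, not part of the sandbox output: it copies the C2 endpoint and the four digests from this report into a small Python checker that scans Sysmon Event ID 3 (network connection) records for connections to the C2, compares a file's bytes against the reported digests, and emits a Suricata rule for the endpoint. The log records, file bytes, paths, the benign IP and the rule SID are constructed here and are assumptions, not data from the report.

```python
"""IOC checks built from this report's extracted configuration.

Added example, not part of the sandbox report. The C2 endpoint and the
digests are copied from the report; the records, file bytes and rule SID
below are constructed so the script runs offline.
"""
import hashlib
import json
from typing import Dict, Iterable, List

C2_HOST, C2_PORT = "193.233.20.28", 4125          # "C2" field of the extracted config
BOTNET = "mango"                                   # "Botnet" field of the extracted config

REPORTED_DIGESTS = {                               # "General" section of the report
    "md5": "dfa9f5926e4e1fc060084da98d60bd6e",
    "sha1": "e40153355589f03e407caa0e40b85ab2d696146c",
    "sha256": "f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808",
    "sha512": "f6c8047af141ce03023bf7143c56217d3fdb44b155ff8e54dd41f3375c3a25cf"
              "4522564139d80454bfe63f9c37a8f3b09493262f68baa7f8e56b32ae8ec0e518",
}


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_DIGESTS}


def matches_reported_sample(data: bytes) -> List[str]:
    """Names of the reported digests that these bytes reproduce ([] = not this sample)."""
    got = digests(data)
    return [name for name, value in REPORTED_DIGESTS.items() if got[name] == value]


def c2_connections(json_lines: Iterable[str]) -> List[dict]:
    """Scan Sysmon Event ID 3 records (one JSON object per line) for the C2.

    An exact ip:port match is reported as "high"; the same IP on another port
    as "medium" (still the operator's host, but the port may have changed).
    """
    hits = []
    for line in json_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 3 or ev.get("DestinationIp") != C2_HOST:
            continue
        port = int(ev.get("DestinationPort", -1))
        hits.append({**ev, "Confidence": "high" if port == C2_PORT else "medium"})
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Suricata rule for the C2 endpoint. The SID is a local, assumed value."""
    return (f'alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} '
            f'(msg:"RedLine botnet {BOTNET} C2"; flow:to_server; sid:{sid}; rev:1;)')


# Constructed Sysmon-style records (not from the report); paths and the
# benign destination (203.0.113.5, a documentation address) are made up.
SAMPLE_RECORDS = [json.dumps(r) for r in [
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "DestinationIp": "193.233.20.28", "DestinationPort": 4125, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": 443, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "193.233.20.28", "DestinationPort": 80, "Protocol": "tcp"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]]

if __name__ == "__main__":
    for hit in c2_connections(SAMPLE_RECORDS):
        print(hit["Confidence"], hit["Image"], "->", hit["DestinationIp"], hit["DestinationPort"])
    print(suricata_rule())
    print("constructed bytes match report:", matches_reported_sample(b"not the sample"))
```

An IP:port pair is a short-lived indicator for this family; treat the ip-only match as a pivot rather than a verdict, and use the botnet name and auth_value to cluster other reports of the same operator rather than relying on the address alone.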

Targets

    • Target

      f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808

    • Size

      792KB

    • MD5

      dfa9f5926e4e1fc060084da98d60bd6e

    • SHA1

      e40153355589f03e407caa0e40b85ab2d696146c

    • SHA256

      f673917c49f535a1f82005578e1b86625dd7c8f25bafb25a215273a819aa0808

    • SHA512

      f6c8047af141ce03023bf7143c56217d3fdb44b155ff8e54dd41f3375c3a25cf4522564139d80454bfe63f9c37a8f3b09493262f68baa7f8e56b32ae8ec0e518

    • SSDEEP

      12288:sMrAy90YWFmzMqhj8qP7OJxNY5VIM+dJyR53LYac80SS1JHjA8Wr9rjXVdtcLrVT:UywFQMWP7qNYkM+GrLtFKjv4rhTcvVT

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a credential- and information-stealing malware family written in C# (.NET), first seen in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
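The behavioural signatures above ("Modifies Windows Defender Real-time Protection settings", "Windows security modification", "Adds Run key to start application", "Executes dropped EXE") map directly onto host telemetry. The following is an added example, not part of the sandbox report: it runs three checks over constructed Sysmon-style records (registry value set, file create, process create) as a SIEM would hand them over. The Defender Real-Time Protection policy key and the Run key are the standard Windows locations; which exact values this sample writes is not stated in the report, so the Defender check covers the whole set of Real-Time Protection policy values. All paths, SIDs and image names in the sample events are made up.

```python
"""Host-telemetry checks for the behaviours listed in the report.

Added example, not part of the sandbox report. Scans Sysmon-style records
(dicts with Sysmon field names) for:
  * Defender Real-Time Protection policy values being switched on (Event ID 13),
  * a value written under any hive's ...\CurrentVersion\Run key (Event ID 13),
  * a file one process wrote being executed afterwards (Event ID 11, then 1).
"""
import re
from typing import Dict, Iterable, List

Event = Dict[str, str]

# Standard Defender policy location; value names are the documented
# Real-Time Protection policies. Which ones this sample touches is not
# stated in the report, so all of them are checked.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"
_DWORD = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")   # Sysmon's Details format for DWORDs


def _split_value(target: str):
    """Split a Sysmon TargetObject into (key path, value name)."""
    key, _, name = target.rpartition("\\")
    return key, name


def defender_rtp_tampering(events: Iterable[Event]) -> List[Event]:
    """Event ID 13 writes that set a Real-Time Protection policy value to nonzero."""
    hits = []
    for ev in events:
        if str(ev.get("EventID")) != "13":
            continue
        key, name = _split_value(ev.get("TargetObject", ""))
        if key.lower() != DEFENDER_RTP_KEY.lower() or name.lower() not in DEFENDER_RTP_VALUES:
            continue
        m = _DWORD.search(ev.get("Details", ""))
        if m and int(m.group(1), 16) != 0:       # 0 re-enables protection: not a hit
            hits.append(ev)
    return hits


def run_key_persistence(events: Iterable[Event]) -> List[Event]:
    """Event ID 13 writes under ...\\CurrentVersion\\Run in any hive (HKLM, HKCU, HKU\\<SID>)."""
    return [ev for ev in events
            if str(ev.get("EventID")) == "13"
            and RUN_KEY_MARKER in ev.get("TargetObject", "").lower()]


def dropped_exe_execution(events: Iterable[Event]) -> List[Event]:
    """Event ID 1 whose Image was written earlier by an Event ID 11 (dropped, then run).

    Events are assumed to be in chronological order.
    """
    dropped: Dict[str, str] = {}
    hits = []
    for ev in events:
        eid = str(ev.get("EventID"))
        if eid == "11":
            dropped[ev.get("TargetFilename", "").lower()] = ev.get("Image", "")
        elif eid == "1":
            image = ev.get("Image", "").lower()
            if image in dropped:
                hits.append({**ev, "DroppedBy": dropped[image]})
    return hits


# Constructed Sysmon-style records (not from the report); every path is made up.
SAMPLE_EVENTS = [
    {"EventID": "11", "Image": r"C:\Users\victim\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\dropped.exe"},
    {"EventID": "1", "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\victim\Downloads\invoice.exe"},
    {"EventID": "13", "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": "13", "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"EventID": "13", "Image": r"C:\Windows\System32\svchost.exe",      # re-enabling: benign
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",       # nothing dropped it
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for check in (defender_rtp_tampering, run_key_persistence, dropped_exe_execution):
        for hit in check(SAMPLE_EVENTS):
            print(check.__name__, hit.get("Image"), hit.get("TargetObject") or hit.get("DroppedBy"))
```

Chaining the three findings on the same Image (the dropped executable disables Real-Time Protection and then installs a Run-key entry) is the correlation that turns three low-severity events into one high-confidence match for the behaviour this report describes.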

MITRE ATT&CK Enterprise v15

Tasks