General

  • Target

    47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c

  • Size

    536KB

  • Sample

    241109-ej9tqawngw

  • MD5

    4808266f812d69da769a19688e1de3cf

  • SHA1

    1cb1896e8bb8dbfb9d4759ffc982e829efca2777

  • SHA256

    47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c

  • SHA512

    fac6813ef4b74b7a5d9cafc758846120bcb5e17e0fe08b3befcaa02697bd7bc789c37243f699572dc056b1c466603ae76435592567c50bb081036bc570e81844

  • SSDEEP

    12288:OMrPy90AncAT6Wz/8hHtd+gJtx/ucVqnWn7yFV:Jy2mpQhigJv/uWq+KV

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c

    • Size

      536KB

    • MD5

      4808266f812d69da769a19688e1de3cf

    • SHA1

      1cb1896e8bb8dbfb9d4759ffc982e829efca2777

    • SHA256

      47760178e8b173bf1cd4026eb3756154385f30b39d2763173eb79d59f7c5951c

    • SHA512

      fac6813ef4b74b7a5d9cafc758846120bcb5e17e0fe08b3befcaa02697bd7bc789c37243f699572dc056b1c466603ae76435592567c50bb081036bc570e81844

    • SSDEEP

      12288:OMrPy90AncAT6Wz/8hHtd+gJtx/ucVqnWn7yFV:Jy2mpQhigJv/uWq+KV

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks