General

  • Target

    dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75

  • Size

    385KB

  • Sample

    241109-ep3btsxdka

  • MD5

    566a322e094ea33da651578d7d8c9fa6

  • SHA1

    43a96cded186b6428e39e29e83b93646ff4e8b31

  • SHA256

    dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75

  • SHA512

    426a2ce66fb4bf751aada1fccee937bc5c467ae3d3323231b728f6a90e411553a0c07e5072c889bf3af4e4d01e00ad606cab9d443c182f842db4ad2b4c96e5c4

  • SSDEEP

    6144:KUy+bnr+Sp0yN90QEUnJV63upgdOUlnRXE06NgnUW/wAXCEreDJ5pK+nB35s6v:YMrey908CNd/nR00jnUewASx5pV5s6v

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75

    • Size

      385KB

    • MD5

      566a322e094ea33da651578d7d8c9fa6

    • SHA1

      43a96cded186b6428e39e29e83b93646ff4e8b31

    • SHA256

      dfbe1ea06c075ced435c097b65d7c3efcfdc6208c1a8f5cae1da035f81387a75

    • SHA512

      426a2ce66fb4bf751aada1fccee937bc5c467ae3d3323231b728f6a90e411553a0c07e5072c889bf3af4e4d01e00ad606cab9d443c182f842db4ad2b4c96e5c4

    • SSDEEP

      6144:KUy+bnr+Sp0yN90QEUnJV63upgdOUlnRXE06NgnUW/wAXCEreDJ5pK+nB35s6v:YMrey908CNd/nR00jnUewASx5pV5s6v

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
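The behaviours the sandbox flags above (Defender real-time protection tampering, a Run key pointing at a dropped EXE) and the C2 endpoint extracted from the RedLine config can be turned into host-side detection logic. The Python below is an added example, not part of the sandbox report or of any tool it references. It runs three small rules over constructed Sysmon-style records (event 13 registry value set, event 3 network connect) written in a simplified pipe-delimited format chosen for the example. The Defender policy key, its Disable* value names and the Run/RunOnce paths are the well-known registry locations and are assumed here; the report does not state which specific values this sample wrote. Only the C2 address and port are taken from the report.

```python
import re
from dataclasses import dataclass

# Indicators copied from the report's "Malware Config" section
C2_HOST = "193.233.20.28"
C2_PORT = 4125

# Well-known registry locations (assumed; the report only names the behaviour
# categories, not the exact values this sample wrote)
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU|U\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)
DWORD_RE = re.compile(r"0x([0-9A-Fa-f]+)")
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)


@dataclass
class Event:
    event_id: int  # Sysmon event ID: 13 = registry value set, 3 = network connect
    image: str     # process that caused the event
    a: str         # event 13: TargetObject; event 3: DestinationIp
    b: str         # event 13: Details;      event 3: DestinationPort


def parse_event(line: str) -> Event:
    """Parse one constructed pipe-delimited record: id|image|a|b."""
    event_id, image, a, b = line.rstrip("\n").split("|", 3)
    return Event(int(event_id), image, a, b)


def defender_tamper(ev: Event):
    """Flag a Disable* value under the Defender real-time protection policy key set to non-zero."""
    if ev.event_id != 13:
        return None
    key, _, value = ev.a.rpartition("\\")
    if key.lower() != DEFENDER_RTP_KEY.lower() or value not in DEFENDER_RTP_VALUES:
        return None
    m = DWORD_RE.search(ev.b)
    # Writing 0 re-enables the feature; only a non-zero value disables it
    if m and int(m.group(1), 16) != 0:
        return f"Defender real-time protection disabled via {value}"
    return None


def run_key_persistence(ev: Event):
    """Flag any new Run/RunOnce value; note when it points into a user-writable directory."""
    if ev.event_id != 13:
        return None
    m = RUN_KEY_RE.match(ev.a)
    if not m:
        return None
    where = "user-writable path" if USER_WRITABLE_RE.search(ev.b) else "path"
    return f"Run key '{m.group('name')}' -> {ev.b} ({where})"


def c2_connection(ev: Event):
    """Flag an outbound connection to the C2 extracted from the sample's config."""
    if ev.event_id == 3 and ev.a == C2_HOST and int(ev.b) == C2_PORT:
        return f"connection to RedLine C2 {C2_HOST}:{C2_PORT}"
    return None


RULES = {
    "defender_tamper": defender_tamper,
    "run_key_persistence": run_key_persistence,
    "c2_connection": c2_connection,
}


def scan(lines):
    """Run every rule over every record; return (rule, image, detail) hits in log order."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ev = parse_event(line)
        for name, rule in RULES.items():
            detail = rule(ev)
            if detail:
                hits.append((name, ev.image, detail))
    return hits


# Constructed sample telemetry for the example; not captured from the real sample.
SAMPLE_LOG = [
    r"13|C:\Users\victim\AppData\Local\Temp\healer.exe|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|DWORD (0x00000001)",
    r"13|C:\Users\victim\AppData\Local\Temp\healer.exe|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring|DWORD (0x00000001)",
    r"13|C:\Windows\System32\svchost.exe|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|DWORD (0x00000000)",
    r"13|C:\Users\victim\AppData\Local\Temp\healer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Users\victim\AppData\Roaming\updater.exe",
    r"3|C:\Users\victim\AppData\Roaming\updater.exe|193.233.20.28|4125",
    r"3|C:\Program Files\Mozilla Firefox\firefox.exe|203.0.113.10|443",
]

if __name__ == "__main__":
    for rule, image, detail in scan(SAMPLE_LOG):
        print(f"[{rule}] {image}: {detail}")
```

Running the block over the constructed records yields two Defender tampering hits, one Run-key hit pointing into AppData and one C2 hit, while the svchost.exe write of 0 and the unrelated HTTPS connection are ignored. On real telemetry the same rules would consume Sysmon event fields directly instead of this pipe-delimited stand-in.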

MITRE ATT&CK Enterprise v15

Tasks