General

  • Target

    8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee

  • Size

    536KB

  • Sample

    241109-eqhc2swphy

  • MD5

    6e28c6d5fb5421cbaa8701c7161555ef

  • SHA1

    01694a53c2feb081692656dd93ed27b34960c4c5

  • SHA256

    8e90278cb83476d700b04f81df3a95c2618aec6230f5e6b1045256a4036b88ee

  • SHA512

    888388f86a319b6e99f9235e39c029bd40b3041d478c9f5e52087a0104be9188d2be19b918f4795273d6fdc460a38488fd985fb87f9d885c0599e7d609ede669

  • SSDEEP

    12288:lMrvy90kmFhiVwxtMPY36UUrJtx/uzCqytn7ynbkN:uyXs0VwxqPYKUUrJv/uuqOQbkN

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks