General

  • Target

    4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3

  • Size

    647KB

  • Sample

    241109-fq2mcsybmq

  • MD5

    e11d4ce2cbe6ca5bc669cd269c5ef823

  • SHA1

    b6e1abdd23bf66aaa85151e05737619ff13ec1f7

  • SHA256

    4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3

  • SHA512

    52c789d7bbd1aa7ea0215a5d95959f0314b29b101b867c5d7bd4265b6ffd9d17c0530b68c732c0ebb1612cdde275356c75733c432ca6e56d930605c1311e9ce6

  • SSDEEP

    12288:YMrey90wTwP6BzB5lqPAu8WcVEKElzS2LYiGOAwqnRh:WyZsSFtUh8KKElm+DA1n

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3

    • Size

      647KB

    • MD5

      e11d4ce2cbe6ca5bc669cd269c5ef823

    • SHA1

      b6e1abdd23bf66aaa85151e05737619ff13ec1f7

    • SHA256

      4e5b1b41309d8a278b0066b89daa8482b1f0d3219f44de0792fa5148264512c3

    • SHA512

      52c789d7bbd1aa7ea0215a5d95959f0314b29b101b867c5d7bd4265b6ffd9d17c0530b68c732c0ebb1612cdde275356c75733c432ca6e56d930605c1311e9ce6

    • SSDEEP

      12288:YMrey90wTwP6BzB5lqPAu8WcVEKElzS2LYiGOAwqnRh:WyZsSFtUh8KKElm+DA1n

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks