General

  • Target

    58de535317ba814adf45ce88ef43a7e121413f1efb5355a2b035f8f2776c0a24

  • Size

    875KB

  • Sample

    241109-fs8tfsybpe

  • MD5

    011e67821d1e015ebc1517746e81bbeb

  • SHA1

    14ab21706ff143922825c0b54b8e2de7f3c723de

  • SHA256

    58de535317ba814adf45ce88ef43a7e121413f1efb5355a2b035f8f2776c0a24

  • SHA512

    98f07fc10740c6a5f30fc15285edd315fa1176bb0d3164c1e2fe99479a866e65432da0e0e4e97edcd89833a92d3185c21acb5e9a25176eb5cbfa7493bffc172e

  • SSDEEP

    24576:gyYIWvhrorHYmw9N5GCE/uJTdwBDm6S1iPWZds:nYIcUrHYmzCu+dj6SMK

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks