General

  • Target

    b14a730a0954ae19289bab3b83e836e08cfb16b905ba6d2ca9dede14a173330f

  • Size

    695KB

  • Sample

    241109-x584eszlcz

  • MD5

    7d72b7cfeaf2a31b5244721498cd6b17

  • SHA1

    02dd36f2e4fea8a596befc99fdfd4de281918672

  • SHA256

    b14a730a0954ae19289bab3b83e836e08cfb16b905ba6d2ca9dede14a173330f

  • SHA512

    b3901039615bbc7c20a42b4eda65eb16ae63fc0118694c5e9677e7525d217b5ea74d5238faab64b6e8c8714fdb358cbd67c709005763e7529a41728dd88367ad

  • SSDEEP

    12288:tMrmy902j7fbmVpOla6K2+lthg0wiXcmll7pEmq0mQscqzwj7uq:7yZ6Vpn6b+lthgoXJ7pEmHmDcqzzq

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks