General

  • Target: 90232fae9752278506a768b743485a74e75cce88e7f8b3659e45bc0f7ccc5d9e
  • Size: 810KB
  • Sample: 241109-xl41csyraz
  • MD5: 35e38e4a7372bdb083987056dbb1afe1
  • SHA1: ed4f3176f52f88740b2dbaece31019cc9c492ac4
  • SHA256: 90232fae9752278506a768b743485a74e75cce88e7f8b3659e45bc0f7ccc5d9e
  • SHA512: 18eef01a599b68800ee6da62dbc6da521243d1b71154567c59815ec5d37d86fa545a95d0effb84390b0db407dcc14531460565d0b818fead3ee9bcccd81dbd48
  • SSDEEP: 24576:Gys1wabxFaBoCYLBN7yKML+Mh6PbdnIyc3N9D:VszxwFYLbyn+Mh3yc

Malware Config

Extracted

  • Family: redline
  • Botnet: mango
  • C2: 193.233.20.28:4125

Attributes
  • auth_value: ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer an antivirus disabler dropper
    • Healer: Healer, an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
