General

  • Target

    54b8753312df865cf1b7d5709591358dc3ee7370bd1c1333c7220b09b8c06238

  • Size

    551KB

  • Sample

    241109-xvlv5szjez

  • MD5

    933652bd18b34f0032ba423971bcf835

  • SHA1

    72bf45cc63a4330a614986b132df29d9a72d7b1f

  • SHA256

    54b8753312df865cf1b7d5709591358dc3ee7370bd1c1333c7220b09b8c06238

  • SHA512

    09977c20fec6f1d55ff6914d82cf096daa8521ba8b67e402bda1bdfe733bb06c857787fa98db86ebf5f99e0228328f4c3c8f724c16827b9ff230a1aad246e94c

  • SSDEEP

    12288:1Mrky90TxEVE8f0W941NQXCWMMmWFAEr9TChDz5P61z:NymiVbfz9u4PMMJFXls35C1z

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks