General

  • Target

    e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce

  • Size

    864KB

  • Sample

    241109-y1qxqatqbm

  • MD5

    244f899bf0ba9ada43c125cc3621531e

  • SHA1

    0e847611fa86e78d86fa27f9ba6f0a950e3d6bd2

  • SHA256

    e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce

  • SHA512

    99f42e812f0a83da1343066f444f836eeb6adc47abd9a63eba8ce985169cb317c39235d4a3a529974ae07ad638d16ff63c84f0a042c4adeee60c38915ea3d5c0

  • SSDEEP

    12288:IMrHy90fsF9VBiQSlGUo198VpqAeF01O/DNqUSu/KSWv1Y6TT0rSO:vyXFp4GUeK2F6A/DNNSGKSWG6n0t

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce

    • Size

      864KB

    • MD5

      244f899bf0ba9ada43c125cc3621531e

    • SHA1

      0e847611fa86e78d86fa27f9ba6f0a950e3d6bd2

    • SHA256

      e2ce39300d4d87df4be6765254e5133ffba960fc5a1547cde9dc1377674fa0ce

    • SHA512

      99f42e812f0a83da1343066f444f836eeb6adc47abd9a63eba8ce985169cb317c39235d4a3a529974ae07ad638d16ff63c84f0a042c4adeee60c38915ea3d5c0

    • SSDEEP

      12288:IMrHy90fsF9VBiQSlGUo198VpqAeF01O/DNqUSu/KSWv1Y6TT0rSO:vyXFp4GUeK2F6A/DNNSGKSWG6n0t

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
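Added here as a worked example, not part of the sandbox report: the C2 endpoint from the Malware Config section and the two registry behaviours flagged above (Defender real-time protection tampering, Run-key persistence) turned into hunting checks over Sysmon-style telemetry. The event records are constructed for illustration. The registry paths are assumptions: the report names the behaviours, not the keys, so the standard policy location for Defender real-time protection and the HKU/HKLM Run and RunOnce keys are used. Field names follow Sysmon's RegistryEvent (Event ID 13) and NetworkConnect (Event ID 3) schemas.

```python
"""Hunting checks built from this report's indicators (added example, not
part of the sandbox report). Matches Sysmon-style events against the
extracted RedLine C2 and the two registry behaviours listed above.
"""

# Indicators copied from the report's "Malware Config" section.
C2_IP = "193.233.20.28"
C2_PORT = 4125

# Assumed location of the Defender real-time protection policy values; the
# report states only that these settings were modified, not which key.
DEFENDER_RT_KEY = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
)
DEFENDER_RT_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disableioavprotection",
    "disablescanonrealtimeenable",
}
# Autostart keys behind "Adds Run key to start application" (per-user HKU
# and machine-wide HKLM both end with these suffixes).
RUN_KEY_SUFFIXES = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


def check_registry(ev):
    """Return a finding for a Sysmon ID 13 SetValue event, else None."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    target = ev.get("TargetObject", "")
    key, _, value = target.rpartition("\\")
    image = ev.get("Image", "?")
    # Defender tamper: a Real-Time Protection policy value set to DWORD 1.
    if key.lower() == DEFENDER_RT_KEY.lower() and value.lower() in DEFENDER_RT_VALUES:
        if ev.get("Details", "").endswith("(0x00000001)"):
            return f"defender_rt_disabled: {value} set by {image}"
    # Persistence: any value written under a Run or RunOnce key.
    if any(s in target.lower() for s in RUN_KEY_SUFFIXES):
        return f"run_key_persistence: {value} -> {ev.get('Details', '')} by {image}"
    return None


def check_network(ev):
    """Return a finding for a Sysmon ID 3 connection to the extracted C2, else None."""
    if ev.get("EventID") != 3:
        return None
    if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
        return f"redline_c2: {ev.get('Image', '?')} -> {C2_IP}:{C2_PORT}"
    return None


def hunt(events):
    """Run both checks over an iterable of events and return all findings in order."""
    findings = []
    for ev in events:
        for check in (check_registry, check_network):
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample telemetry (not captured from the sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "Protocol": "tcp", "DestinationIp": "193.233.20.28", "DestinationPort": 4125},
    # Benign noise that must not fire.
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "Protocol": "udp", "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The Run-key check deliberately fires on any writer, because a legitimate installer and a dropper look the same at this level; triage by the Image path (here a dropped executable under the user's profile) and by whether the same process also tampered with Defender, as the constructed events show.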

MITRE ATT&CK Enterprise v15

Tasks