General

  • Target

    0f18a480d91e5c3d210ac18aa89299afdfce9c8cea8a85d1bb79f92f4fb049f7

  • Size

    788KB

  • Sample

    241109-y6rffa1jct

  • MD5

    32bfa548e79154959edd5f4dd29bab5b

  • SHA1

    09ce7e7a843881889cdb330a823c09922a0c2866

  • SHA256

    0f18a480d91e5c3d210ac18aa89299afdfce9c8cea8a85d1bb79f92f4fb049f7

  • SHA512

    51cdfd0617df73f49ba161454acf61d235bb11cd103ea606c825032b0eaea9078df6ab1cef607133699e55daa4e027d68670b95a41d9bb910c9fc6a26fe71eac

  • SSDEEP

    12288:oMrPy90QJnipgK/osL2hSCnFav61AyMAOpUuCVGv9baeRP+Y/Dpz9NBDCI:HyEgcoEmFa/Pp2cGel+uNBr

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mango

  • C2

    193.233.20.28:4125

  • Attributes

    • auth_value

      ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks