General

  • Target

    f971e3fc82bbc1e6b7c926aa645a1a78a1eaf1b3529271cd205d857d24043505

  • Size

    859KB

  • Sample

    241110-a39wlswbjl

  • MD5

    b0e2acbbf4acb44c98ba22104aca2663

  • SHA1

    f774d779c373f54f9190d645719144ba17a9f56c

  • SHA256

    f971e3fc82bbc1e6b7c926aa645a1a78a1eaf1b3529271cd205d857d24043505

  • SHA512

    081e6044ffa500c75e376edf5a4d469f44e1865ea0ae084ef76122952599fb721ad8fe1f58fa2746b0bc1c6da7fbe49c491da529f92ea2d0adf2e872a6619081

  • SSDEEP

    24576:OyrTBQZTuT3r6IDrMW8HHOr3krodhy88ela:drTBQ+XgW8HHOr3kty

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
