General

  • Target

    ba4af4cf8411f8982061ef976874f2b01665d2f45ec56a9bd39d319e55cfc05d

  • Size

    861KB

  • Sample

    241110-b1v54sxajh

  • MD5

    6db42ad0b3def3b521a34a23fd8db68d

  • SHA1

    08c8661dbe318cb95c08a751b48100cb1e8e5624

  • SHA256

    ba4af4cf8411f8982061ef976874f2b01665d2f45ec56a9bd39d319e55cfc05d

  • SHA512

    fea8c73f54a9b2e8ef990592170ebc4e537c4e55c6620d61322b596958631d43c1616d0a156769be684f178d2f5cb09101e88518512120367b144e506a39af2d

  • SSDEEP

    12288:QMr5y90bCgNu/yBpLhvy6jIkBdKJZbzU3rdmekQfm2xof/8p5UjicF4qSJgPaTBe:5yETs/gy6j1LKL/TeRCfW4RAgPOI3

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23
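The configuration above gives a file-hash set and a single C2 endpoint. As an added example (not part of the sandbox report), the script below turns those into a check a responder can run: it hashes a file with all four algorithms the report lists and compares each against the report's values, and it scans connection-log lines for traffic to 193.233.20.28:4125. The log line format and the sample lines are constructed for the demo; the 861KB sample itself is not embedded, so the hash check is shown on stand-in bytes.

```python
"""IOC matcher built from the indicators in this report (added example, not
sandbox output). Hashes and C2 are copied from the page; the file bytes and
connection-log lines are constructed here for the demo."""
import hashlib
import re

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "6db42ad0b3def3b521a34a23fd8db68d",
    "sha1": "08c8661dbe318cb95c08a751b48100cb1e8e5624",
    "sha256": "ba4af4cf8411f8982061ef976874f2b01665d2f45ec56a9bd39d319e55cfc05d",
    "sha512": "fea8c73f54a9b2e8ef990592170ebc4e537c4e55c6620d61322b596958631d43"
              "c1616d0a156769be684f178d2f5cb09101e88518512120367b144e506a39af2d",
}
C2_HOST, C2_PORT = "193.233.20.28", 4125


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists so each one can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def hash_matches(data: bytes, iocs: dict = IOC_HASHES) -> list:
    """Return the algorithms whose digest of `data` equals the IOC value.
    Comparison is case-insensitive because feeds differ in hex casing."""
    digests = hash_bytes(data)
    return sorted(alg for alg, value in iocs.items() if digests[alg] == value.lower())


# Constructed log format: "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(r"^(\S+) (\S+?):(\d+) -> (\S+?):(\d+) (\w+)$")


def c2_hits(lines, host=C2_HOST, port=C2_PORT) -> list:
    """Return (timestamp, src_ip) for every connection to the C2 endpoint.
    Matching on host AND port keeps a shared-hosting IP from flooding alerts."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of crashing on them
        ts, src, _sport, dst, dport, _proto = m.groups()
        if dst == host and int(dport) == port:
            hits.append((ts, src))
    return hits


# Constructed sample input (not from the report): two hosts, one touching the C2.
SAMPLE_LOG = [
    "2024-11-10T12:00:01Z 10.0.0.5:49812 -> 142.250.74.46:443 tcp",
    "2024-11-10T12:00:07Z 10.0.0.5:49820 -> 193.233.20.28:4125 tcp",
    "2024-11-10T12:01:13Z 10.0.0.9:51004 -> 193.233.20.28:80 tcp",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print("C2 hits:", c2_hits(SAMPLE_LOG))
    # Stand-in bytes; the real sample is not embedded here, so no match is expected.
    print("hash matches for stand-in bytes:", hash_matches(b"not the sample"))
```

To run it against a real file, read the bytes with open(path, "rb").read() and pass them to hash_matches; a match on any single algorithm is enough to confirm the sample, and a mismatch on all four with a similar SSDEEP would point at a repacked variant rather than this exact file.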

Targets

    • Target

      ba4af4cf8411f8982061ef976874f2b01665d2f45ec56a9bd39d319e55cfc05d

    • Size

      861KB

    • MD5

      6db42ad0b3def3b521a34a23fd8db68d

    • SHA1

      08c8661dbe318cb95c08a751b48100cb1e8e5624

    • SHA256

      ba4af4cf8411f8982061ef976874f2b01665d2f45ec56a9bd39d319e55cfc05d

    • SHA512

      fea8c73f54a9b2e8ef990592170ebc4e537c4e55c6620d61322b596958631d43c1616d0a156769be684f178d2f5cb09101e88518512120367b144e506a39af2d

    • SSDEEP

      12288:QMr5y90bCgNu/yBpLhvy6jIkBdKJZbzU3rdmekQfm2xof/8p5UjicF4qSJgPaTBe:5yETs/gy6j1LKL/TeRCfW4RAgPOI3

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer, an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
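Two of the behaviours flagged above, disabling Windows Defender real-time protection and adding a Run key, leave registry writes that endpoint telemetry records. The script below is an added example (not sandbox output) of detection logic for both, run over constructed Sysmon-style Event ID 13 (registry value set) lines. The report does not name the exact values Healer touches; the DisableRealtimeMonitoring and related value names, the Run/RunOnce key paths and the trusted Defender binary path are the standard Windows locations and are an assumption about this sample.

```python
"""Registry-write detection for Defender tampering and Run-key persistence
(added example, not sandbox output). Key and value names are the standard
Windows locations and are assumed, not taken from the report."""
import re

# Defender real-time protection switches, in the policy hive and product hive.
DEFENDER_RTP = re.compile(
    r"\\(SOFTWARE\\Policies\\Microsoft\\Windows Defender|SOFTWARE\\Microsoft\\Windows Defender)"
    r"\\Real-Time Protection\\(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableScanOnRealtimeEnable|DisableIOAVProtection)$",
    re.IGNORECASE,
)
# Per-user (HKU/HKCU) and machine (HKLM) Run and RunOnce keys.
RUN_KEY = re.compile(
    r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)
# Defender's own engine legitimately writes these values; the path is an assumption.
TRUSTED_WRITERS = {r"c:\programdata\microsoft\windows defender\platform\msmpeng.exe"}


def parse_event(line: str) -> dict:
    """Parse 'EventID=13|Image=...|TargetObject=...|Details=...' into a dict."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|") if "=" in kv)


def classify(ev: dict):
    """Return (tag, reason) for a suspicious registry write, else None."""
    if ev.get("EventID") != "13":  # Sysmon 13 = RegistryEvent (Value Set)
        return None
    target = ev.get("TargetObject", "")
    image = ev.get("Image", "").lower()
    details = ev.get("Details", "")
    name = target.rsplit("\\", 1)[-1]
    if DEFENDER_RTP.search(target):
        # Sysmon renders a DWORD 1 as "DWORD (0x00000001)"; a 0 re-enables protection.
        if details.endswith("(0x00000001)") and image not in TRUSTED_WRITERS:
            return ("defender_rtp_disabled", f"{image} set {name}=1")
    if RUN_KEY.search(target):
        return ("run_key_persistence", f"{image} added {name} -> {details}")
    return None


def detect(lines) -> list:
    """Run classify over a log and return all findings in order."""
    findings = []
    for line in lines:
        hit = classify(parse_event(line))
        if hit:
            findings.append(hit)
    return findings


# Constructed events (not from the report): a benign Defender write, a tamper
# by a dropped EXE, a Run key addition, and an unrelated Explorer setting.
SAMPLE_EVENTS = [
    "EventID=13|Image=C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\MsMpEng.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000000)",
    "EventID=13|Image=C:\\Users\\Public\\dropped.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000001)",
    "EventID=13|Image=C:\\Users\\Public\\dropped.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details=C:\\Users\\Public\\dropped.exe",
    "EventID=13|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "|Details=DWORD (0x00000001)",
]

if __name__ == "__main__":
    for tag, reason in detect(SAMPLE_EVENTS):
        print(tag, "::", reason)
```

The Defender rule alerts only on a value of 1 from an untrusted writer, so Defender's own housekeeping writes (value 0, or from MsMpEng.exe) stay quiet; the Run key rule alerts on any new value, since the report's "Executes dropped EXE" plus "Adds Run key" is exactly the sequence the second and third constructed events reproduce.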

MITRE ATT&CK Enterprise v15

Tasks