General

  • Target

    bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616

  • Size

    794KB

  • Sample

    241110-b7wefswlgz

  • MD5

    f0e465a56823e274bfe996db01cc312b

  • SHA1

    9d24c747588b0463295e3f66fc5c9cbfc436af84

  • SHA256

    bdb9445f8869c76dbc0484f5fcc2d20bbf2539e51cd868da376659b5d6213616

  • SHA512

    2e1d4ca0125624efb451cad881cc2c6abe1f26fe7eb555dc69026cc9c7ba2d6e9f2789652710ec83aa6262dedcce750abb0d8b9b59953e55e3948af47d458c48

  • SSDEEP

    24576:YykSqd+C2lIV3Cxgf+OqtitFkIQULofr:fkx2uVzfJbtFqu

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mango

  • C2

    193.233.20.28:4125

  • Attributes

    auth_value: ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks