General

  • Target

    cb4bb8b76ce035380524148306720e36a082ccee3cda6754d2df81ff4414b8f1

  • Size

    385KB

  • Sample

    241110-bnktlsyqej

  • MD5

    63f986a45074ec95812d47f22b1ea598

  • SHA1

    da614cc4d100a8216b37d5f915b1709a6b8e9dc7

  • SHA256

    cb4bb8b76ce035380524148306720e36a082ccee3cda6754d2df81ff4414b8f1

  • SHA512

    1efc9189b61ff884beaaee1adc7d70178a6754adf72c4894fc3c6a71aeee3c7363338767dcd290646626a7edeaa9f4edd86bb36787bb82ba695b35fa84ce4e19

  • SSDEEP

    6144:K9y+bnr+ep0yN90QEUC3NbeS17JpvGGqjbXIAjh6kyAuGy/qnZWPi:DMrqy90jNt17JpJqjbYC6oyC8Pi

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      cb4bb8b76ce035380524148306720e36a082ccee3cda6754d2df81ff4414b8f1

    • Size

      385KB

    • MD5

      63f986a45074ec95812d47f22b1ea598

    • SHA1

      da614cc4d100a8216b37d5f915b1709a6b8e9dc7

    • SHA256

      cb4bb8b76ce035380524148306720e36a082ccee3cda6754d2df81ff4414b8f1

    • SHA512

      1efc9189b61ff884beaaee1adc7d70178a6754adf72c4894fc3c6a71aeee3c7363338767dcd290646626a7edeaa9f4edd86bb36787bb82ba695b35fa84ce4e19

    • SSDEEP

      6144:K9y+bnr+ep0yN90QEUC3NbeS17JpvGGqjbXIAjh6kyAuGy/qnZWPi:DMrqy90jNt17JpJqjbYC6oyC8Pi

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks