General

  • Target

    9e24c8c64272f64bc030baac35c4af55a3dacf0ece91aa547d0613a8a473ecf5

  • Size

    860KB

  • Sample

    241110-byn9sawhme

  • MD5

    583420789dac3709f424292e68c90f87

  • SHA1

    b99d2472ba3670342f655b4cd34b59489c146664

  • SHA256

    9e24c8c64272f64bc030baac35c4af55a3dacf0ece91aa547d0613a8a473ecf5

  • SHA512

    5f7b62e97e8801b4973f883ea14d46f856bb704d4bf7cebf2cd7b2deac996b06c529ff0f36000693a64de10ff3814040e9c9d55762555373fc49aaefd29fd496

  • SSDEEP

    24576:GycukIV4qX8hIDutW8SLz5T3vKA+hPG2dSC:VUIiqXHsW8kz5T3vJp

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      9e24c8c64272f64bc030baac35c4af55a3dacf0ece91aa547d0613a8a473ecf5

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
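
As an added hunting example (not part of the sandbox report above, nor code from any project it names), the following Python turns the indicators on this page into checks over a few constructed telemetry lines: the file hashes, the C2 socket 193.233.20.28:4125, the auth_value, the Windows Defender real-time protection policy key and the Run key behind the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" signatures. The key=value log format, its field names and every sample event are assumptions for illustration; the two registry paths are the standard Windows locations for those settings, not values taken from the report.

```python
import re
from dataclasses import dataclass

# Indicators copied from the sandbox report above.
IOC_HASHES = {
    "9e24c8c64272f64bc030baac35c4af55a3dacf0ece91aa547d0613a8a473ecf5",  # SHA256
    "583420789dac3709f424292e68c90f87",                                  # MD5
    "b99d2472ba3670342f655b4cd34b59489c146664",                          # SHA1
}
IOC_C2 = ("193.233.20.28", 4125)
IOC_AUTH_VALUE = "ecf79d7f5227d998a3501c972d915d23"

# Standard Windows locations for the two behaviours flagged under Targets:
# the Defender policy key whose DisableRealtimeMonitoring value turns off
# real-time protection, and the per-user Run key used for persistence.
# These are Microsoft-documented paths, not values from the report.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEY_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed telemetry in a simplified key=value export format (an
# assumption for illustration; this is not output from the sandbox).
SAMPLE_EVENTS = [
    r"type=process hash_sha256=9e24c8c64272f64bc030baac35c4af55a3dacf0ece91aa547d0613a8a473ecf5 image=C:\Users\u\AppData\Local\Temp\x.exe",
    r"type=process hash_sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 image=C:\Windows\System32\notepad.exe",
    r"type=netconn dst=193.233.20.28 dport=4125 proto=tcp",
    r"type=netconn dst=193.233.20.28 dport=443 proto=tcp",
    r"type=netconn dst=8.8.8.8 dport=53 proto=udp",
    r"type=registry key=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection value=DisableRealtimeMonitoring data=1",
    r"type=registry key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=Updater data=C:\Users\u\AppData\Local\Temp\x.exe",
    r"type=registry key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run value=OneDrive data=C:\Program Files\Microsoft OneDrive\OneDrive.exe",
    r"type=memstring pid=4120 match=ecf79d7f5227d998a3501c972d915d23",
]

# A value runs until the next " name=" token, so paths containing spaces
# (e.g. "Windows Defender") survive intact.
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    detail: str
    raw: str


def parse_event(line: str) -> dict:
    return dict(KV_RE.findall(line.strip()))


def classify(ev: dict, raw: str) -> list:
    out = []
    kind = ev.get("type")
    if kind == "process":
        seen = {ev.get(k, "").lower() for k in ("hash_md5", "hash_sha1", "hash_sha256")}
        if seen & IOC_HASHES:
            out.append(Finding("high", "known RedLine/Healer sample hash", ev.get("image", ""), raw))
    elif kind == "netconn":
        dst, dport = ev.get("dst", ""), int(ev.get("dport", "0"))
        if (dst, dport) == IOC_C2:
            out.append(Finding("high", "connection to RedLine C2 socket", f"{dst}:{dport}", raw))
        elif dst == IOC_C2[0]:
            # Same host on another port: operators rotate ports, so still worth a look.
            out.append(Finding("medium", "connection to RedLine C2 host on other port", f"{dst}:{dport}", raw))
    elif kind == "registry":
        key, value, data = ev.get("key", ""), ev.get("value", ""), ev.get("data", "")
        if key.lower() == DEFENDER_RTP_KEY.lower() and value.lower().startswith("disable") and data != "0":
            out.append(Finding("high", "Defender real-time protection disabled via policy key", f"{value}={data}", raw))
        elif key.lower().endswith(RUN_KEY_SUFFIX.lower()):
            # Run entries pointing into user-writable AppData/Temp are the suspicious ones.
            sev = "medium" if re.search(r"\\(appdata|temp)\\", data, re.I) else "low"
            out.append(Finding(sev, "Run key persistence", f"{value} -> {data}", raw))
    elif kind == "memstring":
        if ev.get("match", "").lower() == IOC_AUTH_VALUE:
            out.append(Finding("high", "RedLine auth_value present in process memory", f"pid {ev.get('pid', '?')}", raw))
    return out


def hunt(lines) -> list:
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        findings.extend(classify(parse_event(line), line))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity.upper():6}] {f.rule}: {f.detail}")
```

Hash and socket matches are exact and cheap, but brittle against a rebuilt sample or a rotated C2; the registry and auth_value checks survive those changes and are what to keep when the IOCs on this page go stale.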

MITRE ATT&CK Enterprise v15

Tasks