General

  • Target

    52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56

  • Size

    1.2MB

  • Sample

    241110-d1f3asydnp

  • MD5

    76893176aa3235c16805dca1ba9f3d33

  • SHA1

    c2d443ce21269b3f8b29c91aa20dc90cf5a322f4

  • SHA256

    52262e15c3ffb2c7e0f8e5dc5bec36380b87db941e8f9eb7d5ac953e5755bd56

  • SHA512

    204d111d2abc896473398515e5e0cac44f3a8c9b7edcfce153fedde3f6b242041b5efe58db7856bdd6ea02fbabb19bb8485225aa8886b4cdca2aa6899b7dc1b0

  • SSDEEP

    24576:noAE92+mzXLkTpkNvet2T013Sa+Eu158ltYwQlVsdlUUULg:oAE92+aI20L3Y6akN

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks