General

  • Target

    a444a0b78838aeb1e126897812187d910e73b78a129f3d8afa24819ac6ceedc9

  • Size

    792KB

  • Sample

    241110-d2ewmaydql

  • MD5

    f0a808e3beeaf117c70fe224ef225a74

  • SHA1

    10be0378934d71a8b58f9ba7b21ba6006a5b3da2

  • SHA256

    a444a0b78838aeb1e126897812187d910e73b78a129f3d8afa24819ac6ceedc9

  • SHA512

    47420d18931c3ec45dd0863820cb8226131b41a86b9af8b1fab427f37a0ab56d0edc93d40627b388c7aa63e8e06ceea51070d4814eb9688f75ea97957c576f44

  • SSDEEP

    12288:sMroy908vpLV/V2yS+R7tAUtwAaG2fxfcoXp6Y1SN3dSk+isDDisIle/5sN5:UyxZV5SutAUt9aFZH+3gkoDAe/OL

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23
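The extracted config gives one concrete network indicator (the C2 endpoint) and the General section gives the file hashes. The following is an added example, not code from the report or from the sandbox vendor, showing how a responder would turn those two into checks: hash a candidate file on every algorithm the report lists, and scan connection records for traffic to the C2. Only the hash values and the C2 host:port are taken from the page; the log line format and the log lines themselves are constructed for the example, and the "same IP, other port" scoring is a hunting heuristic, not something the report states.

```python
import hashlib

# Indicators copied from the report above. Only the hash values and the C2
# endpoint come from the page; the log format and log lines below are constructed.
SAMPLE_HASHES = {
    "md5": "f0a808e3beeaf117c70fe224ef225a74",
    "sha1": "10be0378934d71a8b58f9ba7b21ba6006a5b3da2",
    "sha256": "a444a0b78838aeb1e126897812187d910e73b78a129f3d8afa24819ac6ceedc9",
    "sha512": "47420d18931c3ec45dd0863820cb8226131b41a86b9af8b1fab427f37a0ab56d"
              "0edc93d40627b388c7aa63e8e06ceea51070d4814eb9688f75ea97957c576f44",
}
C2_HOST = "193.233.20.28"
C2_PORT = 4125


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists so a file can be compared on all of them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matching_algorithms(data: bytes) -> list:
    """Return the algorithms on which `data` matches the report's sample (empty = no match)."""
    return [alg for alg, digest in hash_bytes(data).items() if digest == SAMPLE_HASHES[alg]]


def find_c2_connections(log_text: str) -> list:
    """Scan constructed firewall-style lines for traffic to the extracted C2.

    Line format (constructed for this example): ts src_ip src_port dst_ip dst_port proto
    An exact ip:port match is scored 'high'; the same IP on another port is still
    reported as 'medium', because an operator may rebind the port between builds
    (a hunting heuristic, not a fact stated by the report).
    """
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6:
            continue
        ts, src_ip, src_port, dst_ip, dst_port, proto = fields
        if dst_ip != C2_HOST:
            continue
        severity = "high" if int(dst_port) == C2_PORT else "medium"
        hits.append({"ts": ts, "src": src_ip, "dst": f"{dst_ip}:{dst_port}",
                     "proto": proto, "severity": severity})
    return hits


# Constructed log lines, not taken from the report or any real capture.
SAMPLE_LOG = """\
# ts src_ip src_port dst_ip dst_port proto
1731222000 10.0.0.15 49812 142.250.74.78 443 tcp
1731222004 10.0.0.15 49815 193.233.20.28 4125 tcp
1731222060 10.0.0.22 51002 193.233.20.28 8080 tcp
1731222065 10.0.0.15 49820 193.233.20.5 4125 tcp
"""

if __name__ == "__main__":
    print(matching_algorithms(b"not the sample"))
    for hit in find_c2_connections(SAMPLE_LOG):
        print(hit)
```

The last constructed line (a different host on port 4125) is deliberately not reported: port alone is far too weak an indicator, while the C2 IP on an unexpected port is still worth a look.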

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
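The three behavioural signatures above (Defender real-time protection modified, a dropped EXE executed, a Run key added) are the kind of thing an endpoint telemetry rule can catch independently of the hashes. The block below is an added example, not code from the report or the sandbox vendor, that implements those three checks over constructed Sysmon-style events (event IDs 1, 11 and 13). The Defender policy key, the `Disable*` value names, the Run key path and the "user-writable directory" list are assumptions about what such signatures typically match; the report does not list the exact registry values this sample writes.

```python
# Behavioural checks for the three signatures listed above, run over constructed
# Sysmon-style events: 1 = process create, 11 = file create, 13 = registry value set.
# Registry paths and value names below are assumptions, not values from the report.

DEFENDER_RTP_KEY = "\\Microsoft\\Windows Defender\\Real-Time Protection"
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disableioavprotection",
    "disablescanonrealtimeenable",
}
RUN_KEY = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                      "\\programdata\\", "\\users\\public\\")


def _split_value(target: str):
    """Split a Sysmon TargetObject into (key path, value name), case-folded."""
    key, _, value = target.rpartition("\\")
    return key.lower(), value.lower()


def detect(events: list) -> list:
    """Return one alert dict per matching event; events are processed in order."""
    alerts = []
    dropped = set()  # .exe paths written by event 11, correlated with later execution
    for ev in events:
        image = ev.get("image", "")
        if ev["id"] == 11:
            if ev["target"].lower().endswith(".exe"):
                dropped.add(ev["target"].lower())
        elif ev["id"] == 1:
            if image.lower() in dropped:
                alerts.append({"rule": "dropped_exe_executed", "image": image,
                               "parent": ev.get("parent_image", "")})
        elif ev["id"] == 13:
            key, value = _split_value(ev["target"])
            details = ev.get("details", "")
            if (key.endswith(DEFENDER_RTP_KEY.lower())
                    and value in DEFENDER_DISABLE_VALUES
                    and details.lower().endswith("(0x00000001)")):
                alerts.append({"rule": "defender_realtime_disabled",
                               "image": image, "value": value})
            elif (key.endswith(RUN_KEY.lower())
                    and any(d in details.lower() for d in USER_WRITABLE_DIRS)):
                alerts.append({"rule": "run_key_user_writable_path",
                               "image": image, "target": details})
    return alerts


# Constructed events in a plausible order: drop, execute, tamper, persist, plus one
# benign control (a vendor updater registering itself from Program Files).
DROPPED = "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe"
SAMPLE_EVENTS = [
    {"id": 11, "image": "C:\\Users\\victim\\Downloads\\invoice.exe", "target": DROPPED},
    {"id": 1, "image": DROPPED, "parent_image": "C:\\Users\\victim\\Downloads\\invoice.exe"},
    {"id": 13, "image": DROPPED,
     "target": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
               "\\Real-Time Protection\\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "image": DROPPED,
     "target": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft"
               "\\Windows\\CurrentVersion\\Run\\Updater",
     "details": DROPPED},
    {"id": 13, "image": "C:\\Program Files\\Vendor\\setup.exe",
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdate",
     "details": "C:\\Program Files\\Vendor\\update.exe"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The Run-key rule only fires when the registered binary lives in a user-writable directory; that keeps vendor updaters out of the alert stream while still catching the dropped-to-Temp pattern the signatures describe.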
