General

  • Target

    10ab56640232a8c0d1f49863f8181b07a8ead639b627b8922af384a07eb6cddf

  • Size

    864KB

  • Sample

    241110-dnxvaaydld

  • MD5

    a042def1da300e841e139bae50dad05a

  • SHA1

    a2f094ab52c0c53133e62781c5613d44d27a1442

  • SHA256

    10ab56640232a8c0d1f49863f8181b07a8ead639b627b8922af384a07eb6cddf

  • SHA512

    cde648f977a84f0d8c2da3b78361788f663609a5088a9414a782520ede27f44f642595111b7c33a082e16544d7190b9fbeb0306587dc622f8266573ac83fd105

  • SSDEEP

    12288:1MrQy9009/UmuYGzx/WTl8yHsC+XJmfx4dLX9qOXWTJNQ8UtlrNu/KSRv1c6dMAy:lyZJ5GV/2bf+XJJs5e5NGKSRC6dNxjs

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      10ab56640232a8c0d1f49863f8181b07a8ead639b627b8922af384a07eb6cddf

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
