General

  • Target

    42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447

  • Size

    787KB

  • Sample

    241110-dnznwaxpgv

  • MD5

    7a7a25999689db2f7c96fbf52d6ed7bc

  • SHA1

    c5bc42070b267226413a9251a014030db6e617fc

  • SHA256

    42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447

  • SHA512

    e13bd9536a9226f4b322276a915ec595e8aee16ac8bd92e1438ac992248e5140c6d995250fe3f55d5079e9d6e146614d9d34978600de670d083964d7e2fc1396

  • SSDEEP

    24576:6yoPQrG/zvBPB3VhKF3f1FnIC617Kweipy:Bu/zBPFaNFG17Kfe

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447

    • Size

      787KB

    • MD5

      7a7a25999689db2f7c96fbf52d6ed7bc

    • SHA1

      c5bc42070b267226413a9251a014030db6e617fc

    • SHA256

      42d9871044423418b99116be419b29d27675ca37d0abde1b398e1029bab62447

    • SHA512

      e13bd9536a9226f4b322276a915ec595e8aee16ac8bd92e1438ac992248e5140c6d995250fe3f55d5079e9d6e146614d9d34978600de670d083964d7e2fc1396

    • SSDEEP

      24576:6yoPQrG/zvBPB3VhKF3f1FnIC617Kweipy:Bu/zBPFaNFG17Kfe

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks