General

  • Target

    76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c

  • Size

    694KB

  • Sample

    241110-dwgg9sxrat

  • MD5

    cf6a30a9521a99016576e595511ae9b6

  • SHA1

    2a29fa7825d5a3268b23ac6e4bb7dec33c598e1b

  • SHA256

    76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c

  • SHA512

    d218621853e8c997cb758853a3bf3f7824fa07b5942897b517824c5ed41380d7ade3c8281f3ce9b945b3c48cc2ea1aefab946a5c3d0dab3f6ac629cdf594d78d

  • SSDEEP

    12288:UMrry90+jAgJHDSukNxd0K2+xtpg0wiVcAaj8NMNYaTjRp0er6BLs0c:nyvDjrUxub+xtpgoVGyMN13YDIJ

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c

    • Size

      694KB

    • MD5

      cf6a30a9521a99016576e595511ae9b6

    • SHA1

      2a29fa7825d5a3268b23ac6e4bb7dec33c598e1b

    • SHA256

      76291f6192fec55654a502f9af5dc01fcefa8a3b9c400babae6970cc4886d57c

    • SHA512

      d218621853e8c997cb758853a3bf3f7824fa07b5942897b517824c5ed41380d7ade3c8281f3ce9b945b3c48cc2ea1aefab946a5c3d0dab3f6ac629cdf594d78d

    • SSDEEP

      12288:UMrry90+jAgJHDSukNxd0K2+xtpg0wiVcAaj8NMNYaTjRp0er6BLs0c:nyvDjrUxub+xtpgoVGyMN13YDIJ

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
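A host-side check for the three observable behaviours listed above (Run-key persistence, tampering with Windows Defender real-time protection, and the RedLine C2 from the extracted config), as an added example that is not part of this sandbox report. It matches Sysmon-style events (Event ID 13 RegistryEvent/SetValue, Event ID 3 NetworkConnect) against those behaviours. The event dicts, the SID, paths and process names are constructed here; the Defender policy value names are the standard ones under the Real-Time Protection policy key, not values the report says this sample writes, so all of them are watched.

```python
"""Host-side triage for the behaviours this sandbox report flags.

Added example (not part of the report): matches Sysmon-style events against
the RedLine C2 from the extracted config, a Run-key persistence write and
tampering with Windows Defender real-time protection policy. Event dicts use
Sysmon's field names (EventID 13 = RegistryEvent/SetValue, EventID 3 =
NetworkConnect); the events themselves are constructed for this example.
"""
import re

# Network IOC from the report's extracted config (family redline, botnet mango).
C2_HOST = "193.233.20.28"
C2_PORT = 4125

# Autostart keys behind the "Adds Run key to start application" signature.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Defender policy key and the standard value names under it; a DWORD of 1
# turns the corresponding protection off. Assumption: the report does not say
# which of these values this sample writes, so all of them are watched.
DEFENDER_RTP_KEY = r"\software\policies\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disableioavprotection",
    "disablescanonrealtimeenable",
}

SIG_RUN_KEY = "Adds Run key to start application"
SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_C2 = f"RedLine C2 (botnet mango) {C2_HOST}:{C2_PORT}"


def parse_dword(details: str):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; return the int or None."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", details.strip())
    return int(m.group(1), 16) if m else None


def detect(event: dict) -> list:
    """Return the report signature names that a single event satisfies."""
    hits = []
    if event.get("EventID") == 13:
        key, _, value_name = event.get("TargetObject", "").rpartition("\\")
        key, value_name = key.lower(), value_name.lower()
        # Any write under Run/RunOnce (HKCU, HKLM or HKU\<SID>) is persistence.
        if any(key.endswith(rk) for rk in RUN_KEYS):
            hits.append(SIG_RUN_KEY)
        # Only a value of 1 disables protection; 0 (re-enabling) is not a hit.
        if (key.endswith(DEFENDER_RTP_KEY)
                and value_name in DEFENDER_RTP_VALUES
                and parse_dword(event.get("Details", "")) == 1):
            hits.append(SIG_DEFENDER)
    elif event.get("EventID") == 3:
        if (event.get("DestinationIp") == C2_HOST
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            hits.append(SIG_C2)
    return hits


def triage(events) -> dict:
    """Group hits by the process image that produced them."""
    findings = {}
    for ev in events:
        for sig in detect(ev):
            findings.setdefault(ev.get("Image", "?"), set()).add(sig)
    return findings


# Constructed events standing in for a Sysmon export from an infected host.
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"EventID": 3, "Image": DROPPED, "Protocol": "tcp",
     "DestinationIp": "193.233.20.28", "DestinationPort": "4125"},
    # Noise: policy refresh re-enabling real-time protection (value 0) and a browser session.
    {"EventID": 13, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "Protocol": "tcp",
     "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for image, sigs in triage(SAMPLE_EVENTS).items():
        print(image)
        for sig in sorted(sigs):
            print("  -", sig)
```

The Run-key rule fires on every Run/RunOnce write, so on a real host it should be baselined against known installers; the C2 rule is tied to the single IP:port in this config and should be extended with the other RedLine infrastructure you track, since the botnet name and auth_value identify the campaign, not the address.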

MITRE ATT&CK Enterprise v15

Tasks