General

  • Target

    3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c

  • Size

    385KB

  • Sample

    241110-ebjybssjhl

  • MD5

    3182277541120cbc3808e4a7f044749f

  • SHA1

    1f6b4004c282ddf6ed65cf28fb3a23ad46472ca1

  • SHA256

    3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c

  • SHA512

    9fd30094ed7137ab4ecf10e453badf5ab1bda915c356d6fbd1d55834a31dfe228016022eda6519ea0f9055ece17cdbdf1b7a3f77ca21542f543b3cd4f5225b24

  • SSDEEP

    6144:K/y+bnr+Jp0yN90QE8PtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN/:NMrVy90AtBLBt/cwlsWzTEItpi1X0a

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c

    • Size

      385KB

    • MD5

      3182277541120cbc3808e4a7f044749f

    • SHA1

      1f6b4004c282ddf6ed65cf28fb3a23ad46472ca1

    • SHA256

      3c337f363067f1fa31e288c4a3aa0c9f070d3997b92bea283659659c85cec27c

    • SHA512

      9fd30094ed7137ab4ecf10e453badf5ab1bda915c356d6fbd1d55834a31dfe228016022eda6519ea0f9055ece17cdbdf1b7a3f77ca21542f543b3cd4f5225b24

    • SSDEEP

      6144:K/y+bnr+Jp0yN90QE8PtBbHBZaaj/cwQc4VsbzTEIowF1ikpi1X0LAN/:NMrVy90AtBLBt/cwlsWzTEItpi1X0a

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks