General

  • Target

    f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024

  • Size

    409KB

  • Sample

    241110-ekhrmaslel

  • MD5

    5b6a145e7d11d5bdfeea12459424947a

  • SHA1

    dae42123cf92b0215059d07ce35ae598396edcfb

  • SHA256

    f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024

  • SHA512

    e068a3d8184074fdc927f9e1c14d55d88a7eda056c7210c8711ba0b5e0fb5687e94bcb4d7e8c1b4585c033860a44143ab586a9fcdde91fce724469773eb15c02

  • SSDEEP

    12288:0Mrmy90EsxOxDmS4wzBrfbVPcVIMhyhuGypK:6y2xkBXzxDVUVIK3pK

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024

    • Size

      409KB

    • MD5

      5b6a145e7d11d5bdfeea12459424947a

    • SHA1

      dae42123cf92b0215059d07ce35ae598396edcfb

    • SHA256

      f58ffb91e59e6eec2c0894e1fe38f1fbadfd7f58d054a5069e2621a5d78a2024

    • SHA512

      e068a3d8184074fdc927f9e1c14d55d88a7eda056c7210c8711ba0b5e0fb5687e94bcb4d7e8c1b4585c033860a44143ab586a9fcdde91fce724469773eb15c02

    • SSDEEP

      12288:0Mrmy90EsxOxDmS4wzBrfbVPcVIMhyhuGypK:6y2xkBXzxDVUVIK3pK

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks