General

  • Target

    f68eb0fa96bcf7daf89882338d82115f3561711b46a8f34ad7e65e93f9904799

  • Size

    793KB

  • Sample

    241111-js6kwavnht

  • MD5

    2b1a10cfb9a9b9929ccaf4a8f6f8956e

  • SHA1

    3c8d202c9545a13c35255d0d6c13bdc7c0e6c99c

  • SHA256

    f68eb0fa96bcf7daf89882338d82115f3561711b46a8f34ad7e65e93f9904799

  • SHA512

    16989463ef83255a03e282fff630519b23c368943bd0be464df2c5c1ee0ff29a50720cef47dcf1df5cec08ebf69d3f5d0dcb7526a9e4e85d361b04a69780050a

  • SSDEEP

    12288:EMrUy907lXp3ux5nLF2+6XchD+FoVQ3cpURARVTXyDEWFMzubth:QygZ0RF2khDlQ8V+jrth

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks