General

  • Target

    e6852eb18d1b1d0578e85b9e2973c9a4df5de693509561f9ff62363d048da6bb

  • Size

    792KB

  • Sample

    241111-lwx41swrd1

  • MD5

    5d3a69031929664fde7215a256489efa

  • SHA1

    4a1d78fdbf51afabdf5b2dddfcf5b8c6a138fe26

  • SHA256

    e6852eb18d1b1d0578e85b9e2973c9a4df5de693509561f9ff62363d048da6bb

  • SHA512

    15a74873114b7eee56db200f703cf11f0d9225d41f2730719ac79ca050a27ab1d2a7f75f5f8db6dd861c8275fdc5d575da2478f2ea2792147c1d611c63b6e500

  • SSDEEP

    24576:NyvowVYYEVqzDna78ASJUS++iuveGONk9p0rV5:oxXaYDa7W6S++iuvmN

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes
  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Target

      e6852eb18d1b1d0578e85b9e2973c9a4df5de693509561f9ff62363d048da6bb

    • Size

      792KB

    • MD5

      5d3a69031929664fde7215a256489efa

    • SHA1

      4a1d78fdbf51afabdf5b2dddfcf5b8c6a138fe26

    • SHA256

      e6852eb18d1b1d0578e85b9e2973c9a4df5de693509561f9ff62363d048da6bb

    • SHA512

      15a74873114b7eee56db200f703cf11f0d9225d41f2730719ac79ca050a27ab1d2a7f75f5f8db6dd861c8275fdc5d575da2478f2ea2792147c1d611c63b6e500

    • SSDEEP

      24576:NyvowVYYEVqzDna78ASJUS++iuveGONk9p0rV5:oxXaYDa7W6S++iuvmN

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
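
The extracted RedLine config (C2 193.233.20.28:4125, the sample hashes) and the behavioural signatures listed above (Defender real-time protection modified, Run key added, dropped EXE executed) are what an analyst actually hunts for in telemetry. The script below is an added example written for this page, not code from the sandbox vendor or from the report. It matches those indicators against Sysmon-style JSON event records; the event records and field names are constructed for illustration, the Windows Defender policy key it checks is an assumption about where such a change lands (the report does not name the value Healer writes), and only the hashes and the C2 address are taken from the report itself.

```python
"""Match the IOCs and behaviours from the report above against telemetry.

Added example for this page: not code from the sandbox vendor or the report.
The event records below are constructed, Sysmon-like JSON lines; the only
real values are the hashes and C2 address copied from the report."""
import json

# Indicators copied from the report.
C2_HOST, C2_PORT = "193.233.20.28", 4125
SAMPLE_SHA256 = "e6852eb18d1b1d0578e85b9e2973c9a4df5de693509561f9ff62363d048da6bb"
SAMPLE_MD5 = "5d3a69031929664fde7215a256489efa"

# Registry paths behind the "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key to start application" signatures.  The report
# does not name the value Healer writes, so the policy key below is an
# assumption about where such a change lands, not a fact from the page.
DEFENDER_RTP_KEY = "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
RUN_KEY_SUFFIX = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"


def normalise_hashes(field):
    """Turn Sysmon's 'SHA256=..,MD5=..' string into a lower-cased dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event):
    """Return the labels one event earns; an empty list means no match."""
    labels = []
    eid = event.get("EventID")
    if eid == 1:  # process creation: compare the reported hashes
        hashes = normalise_hashes(event.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            labels.append("known_sample_executed")
    elif eid == 3:  # network connection: exact C2 host and port
        if (event.get("DestinationIp") == C2_HOST
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            labels.append("redline_c2_contact")
    elif eid == 13:  # registry value set
        target = event.get("TargetObject", "").upper()
        if target.startswith(DEFENDER_RTP_KEY.upper()):
            labels.append("defender_rtp_modified")
        if RUN_KEY_SUFFIX.upper() in target:  # matches HKCU, HKLM and HKU\<SID> forms
            labels.append("run_key_persistence")
    return labels


def triage(lines):
    """Parse JSON lines and return (index, labels) for every event that hit."""
    hits = []
    for i, line in enumerate(lines):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the scan
        labels = classify(event)
        if labels:
            hits.append((i, labels))
    return hits


# Constructed sample telemetry (not taken from the report).
SAMPLE_LOG = [
    json.dumps({"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\setup.exe",
                "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5={SAMPLE_MD5}"}),
    json.dumps({"EventID": 3, "DestinationIp": "193.233.20.28", "DestinationPort": "4125"}),
    json.dumps({"EventID": 3, "DestinationIp": "193.233.20.28", "DestinationPort": "443"}),
    json.dumps({"EventID": 13,
                "TargetObject": DEFENDER_RTP_KEY + "\\DisableRealtimeMonitoring",
                "Details": "DWORD (0x00000001)"}),
    json.dumps({"EventID": 13,
                "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
                "Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}),
    "not json",
]

if __name__ == "__main__":
    for idx, labels in triage(SAMPLE_LOG):
        print(idx, labels)
```

The C2 check deliberately requires both host and port: the same address on port 443 (third record) is not reported, because a bare IP match would fire on unrelated traffic to a shared host. Hash comparison is case-insensitive since Sysmon emits upper-case hex while the report lists lower-case.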

MITRE ATT&CK Enterprise v15

Tasks