General

  • Target

    31666e36f117dc608122f77bde9fec3fe7b14299343c251093b16eb8d07a42cf

  • Size

    895KB

  • Sample

    241111-zswnnszkaq

  • MD5

    23f140bbeb856dc4cb2a357897163323

  • SHA1

    cde94b11472a0061dea756a44ba16ee254cf503c

  • SHA256

    31666e36f117dc608122f77bde9fec3fe7b14299343c251093b16eb8d07a42cf

  • SHA512

    e94eee5bd1ac257f5653eed555eaeb2dc043df171daf67907c3ba9bcabf26fd5a27fd6b2fbd26495ee4ae12f846f6feeb618d56172c473987333378d806a3b5b

  • SSDEEP

    24576:Jyzyppbwzvqo3ke/uMRGar/hm2ABatigGo:8zyppOLVGA/JABa0h

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks