General

  • Target

    a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214dN.exe

  • Size

    787KB

  • Sample

    241114-jxp4pavphw

  • MD5

    c4843083b81bda5311cb304408e69330

  • SHA1

    efc6cd04158de6ce58a3cc96764979f51ba3873c

  • SHA256

    a000c524a9b76417c772df8b34465f55754da2094d5a5ee0d6d6fa68b62f214d

  • SHA512

    899f15dcd8f05371d1595bf49fc3d15b3a973e6af808dea02537e08209bc2379a416d9c48e39b09b0c024bf6e58cd2ed52d9350a59212d0df5372075b8cc77ff

  • SSDEEP

    24576:NyzSMEvTgvipuOJWFr1NOXSOP/YIQqUl0ae:o3oduOUZNOCyYIlUv

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

  • auth_value

    ecf79d7f5227d998a3501c972d915d23

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks