General
Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye.zip.zip
Size: 1.4MB
Sample: 210309-1dzkf8pmcx
MD5: d969c15fe9871ad9e6398e5718512a04
SHA1: 1026dbc685f152d4e5a2307d88fc13a3a8750aae
SHA256: d89a2246c6db2ec558bce3f1b3ca0cf32eb7dd9905b1ff30f802732434254c93
SHA512: 436dc836d3806061dedd989ada2e0c4458404a5c1a7221c7cd56051c06ac66aa0ba20ef3bace452ef480aa37eedaad42ae1d7ba31d16ba4dc075902e5b5f456e
Static task: static1

Behavioral tasks (sample, run on resource):
- behavioral1: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Config.bat on win7v20201028
- behavioral2: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Config.bat on win10v20201028
- behavioral3: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Heart/HtmlAgilityPack.dll on win7v20201028
- behavioral4: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Heart/HtmlAgilityPack.dll on win10v20201028
- behavioral5: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Heart/Load.exe on win7v20201028
- behavioral6: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Heart/Load.exe on win10v20201028
- behavioral7: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Loader.exe on win7v20201028
- behavioral8: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Loader.exe on win10v20201028
- behavioral9: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Loader1.exe on win7v20201028
- behavioral10: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Loader1.exe on win10v20201028
- behavioral11: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Heart-Sender-V1.2 Cracked by JC0der-FireEye.exe on win7v20201028
- behavioral12: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Heart-Sender-V1.2 Cracked by JC0der-FireEye.exe on win10v20201028
- behavioral13: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/HtmlAgilityPack.dll on win7v20201028
- behavioral14: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/HtmlAgilityPack.dll on win10v20201028
- behavioral15: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Load.exe on win7v20201028
- behavioral16: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Load.exe on win10v20201028
Malware Config

Extracted: quasar
1.3.0.0
Heart
185.163.127.20:61110
HRT_MUTEX_kecTsVDPnERdvianlr
- encryption_key: 3vnM9JqtaSdxUVqeTXSi
- install_name: Subfile.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDirr

Extracted: njrat
0.7d
HacKedTEST
chipo.publicvm.com:1177
4c71585ab01a8f1344352fb1f26b00fd
- reg_key: 4c71585ab01a8f1344352fb1f26b00fd
- splitter: |'|'|
Targets

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Config.bat
Size: 580B
MD5: 028f22a9de1e96042ba3c22231565d7f
SHA1: 644f9c79a0338fd1073b66fcf5a96851c0c06ad6
SHA256: cae2e9ddb120b89bb863815fbee0eeb597f576ec442242a87795244d2c2c8042
SHA512: 711a649a2e906c31997fe3d1f9f6fffa3bdd36118c9e11a0fd8acc7b662656d9c63db7f7e8a6c64240b78cbdc22594d1863042911057f539dadebb05c03c9d8b
Signatures:
- Quasar Payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Modifies AppInit DLL entries
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Heart/HtmlAgilityPack.dll
Size: 123KB
MD5: 97458fb37fcbea19b16704474e0bb747
SHA1: d846a58c2dfa287dc070a3b3eaa12de54aefc5f4
SHA256: eb6841497cafab1aac432b09f4979997fa3314d4828be15cdbd37f621ba38eac
SHA512: 7edeaadae25c60acf5fa969655ad667826dbec8025a09bd14933d81c3fddf2e6409c2f60345da2420d63c70b3b4985f8e33913fe09af5cb4695b28b2ba561f3d
Score: 1/10

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Heart/Load.exe
Size: 226KB
MD5: 9c7691ff597e9efd7f796b31accb78e8
SHA1: 81bb289aa37d182b60e86990376a375de7a8decc
SHA256: 1624af752c9f85fd117fafb28feb42a079f283dc133cdcc5799810072a95a6cb
SHA512: 739f187aaeda13b7ebef3918a965b8da4ee939cd3e60d36802768f52be7b08f5964b121d1e977f4c408ff8ae6aba02df4a4d37785735c2f70d8610551cbab135
Score: 3/10

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Loader.exe
Size: 292KB
MD5: f0aa6235c34fb2c5af7bfa214ddfea07
SHA1: 83265dfd7fc52cfe57d6ba12774aed62af731746
SHA256: e9780f257098c6503bf1c5a3715f27409c5015efe67060edb858c8bb54f876b3
SHA512: 32af8d069f9d3cac141f8cdc5ad21eb29cddaf7c498eda4e68790c9bbaefb3d517eee6025824b758a4967f2d07ab4195da5ff9cf74145b72b163b0c3cc8e93c3
Score: 9/10
Signatures:
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Modifies AppInit DLL entries
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Config/Loader1.exe
Size: 147KB
MD5: 0a020a0a5f365ca997abb2c1c7ceb6d6
SHA1: c3d7efdd2c2156729bf4ac905edb95f7b2ac8ae8
SHA256: e0ec77a3548c4e55bc655b6754e8205bc09dd444e94886d3906e45fdff59ac02
SHA512: 98c85a19bc692603264bd2b408f40b92a0942ba5850f790a83a7a3c1467b1ea6a0922db6c7613cc14e248c43cbdb3dd098e6bef9f86a0eeca9ecccafb1667943
Score: 9/10
Signatures:
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Loads dropped DLL
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Heart-Sender-V1.2 Cracked by JC0der-FireEye.exe
Size: 1.1MB
MD5: 3ab47d7d723c1661807084d39d4b7744
SHA1: a8790ce365a8e62d3f38fe2b6fae36b34f7a5a18
SHA256: 05ecfbb70aa1785e6c8aad3c7da653a797aba2193b7ef136d68e50e23315fbe2
SHA512: 667c794cbd3bec294a5b6321ec25624a2dc4c44da240ddba7759dceeaca303a34891be85a09bece13bfb8763bfcd6041d08d55e723c2f846a0938bf196cb7d84
Signatures:
- Quasar Payload
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Modifies AppInit DLL entries
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- autoit_exe: AutoIT scripts compiled to PE executables.

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/HtmlAgilityPack.dll
Size: 123KB
MD5: 97458fb37fcbea19b16704474e0bb747
SHA1: d846a58c2dfa287dc070a3b3eaa12de54aefc5f4
SHA256: eb6841497cafab1aac432b09f4979997fa3314d4828be15cdbd37f621ba38eac
SHA512: 7edeaadae25c60acf5fa969655ad667826dbec8025a09bd14933d81c3fddf2e6409c2f60345da2420d63c70b3b4985f8e33913fe09af5cb4695b28b2ba561f3d
Score: 1/10

Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye/Load.exe
Size: 226KB
MD5: 9c7691ff597e9efd7f796b31accb78e8
SHA1: 81bb289aa37d182b60e86990376a375de7a8decc
SHA256: 1624af752c9f85fd117fafb28feb42a079f283dc133cdcc5799810072a95a6cb
SHA512: 739f187aaeda13b7ebef3918a965b8da4ee939cd3e60d36802768f52be7b08f5964b121d1e977f4c408ff8ae6aba02df4a4d37785735c2f70d8610551cbab135
Score: 1/10