General
Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye_zip.exe
Size: 1.5MB
Sample: 210309-wjcpnc2khe
MD5: 39c155feba403930d14b9120798d2d32
SHA1: f216c232a58b71c0f2cc0a869c722859c2cfcfa8
SHA256: e42c1e8dd84758e1de952293324126e5bbe6de9cb58f63374eba6d20e01b4350
SHA512: 5c0b311d5329b218da69744573e40b463b94c1fb4efd2627d9976f2c7c933fd7ee21b0ad4effb87cd8d6387b4cc7fcddab3a1054f21e806cd79f090fa04cf4bb
Static task: static1
Behavioral task: behavioral1
  Sample: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye_zip.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye_zip.exe
  Resource: win10v20201028
Malware Config
Extracted: njrat
  Version: 0.7d
  Botnet: HacKedTEST
  C2: chipo.publicvm.com:1177
  Mutex: 4c71585ab01a8f1344352fb1f26b00fd
  reg_key: 4c71585ab01a8f1344352fb1f26b00fd
  splitter: |'|'|
Extracted: quasar
  Version: 1.3.0.0
  Botnet: Heart
  C2: 185.163.127.20:61110
  Mutex: HRT_MUTEX_kecTsVDPnERdvianlr
  encryption_key: 3vnM9JqtaSdxUVqeTXSi
  install_name: Subfile.exe
  log_directory: Logs
  reconnect_delay: 3000
  startup_key: Quasar Client Startup
  subdirectory: SubDirr
Targets
Target: Heart-Sender-V1.2_Cracked_by_JC0der-FireEye_zip.exe (1.5MB; hashes as listed under General above)
Quasar Payload
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
Executes dropped EXE
Modifies AppInit DLL entries
Modifies Windows Firewall
Drops startup file
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
autoit_exe
  AutoIT scripts compiled to PE executables.