General
- Target: a339b087c89b1e09431ac4_JC.exe
- Size: 390KB
- Sample: 230728-vcm95sed75
- MD5: 0f99c516eb53f2b1a5bc9a3cf075c2a6
- SHA1: 81b2ba355df05e5369d129ff4720e31c95a589e5
- SHA256: a339b087c89b1e09431ac42913bb29ff27cf1dfadb62dd16f480bb959c7ebaad
- SHA512: 64a7c74bfab3c954a6a1cdcb8f1d47d45714f95e8b6bb9ecbcd4cfaa5293d5a253f5350a13b9cc0dbed61bca90d80f1b3d16af58db3125322149442e33b07029
- SSDEEP: 12288:EMr2y90Kylx8pzFld/QSZBJcGAbNMmKj:KygxizFQSLJcGSO
Static task: static1
Behavioral task: behavioral1
- Sample: a339b087c89b1e09431ac4_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: a339b087c89b1e09431ac4_JC.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
- Version: 3.86
- C2: 77.91.68.61/rock/index.php
Extracted: redline
- Botnet: news
- C2: 77.91.68.68:19071
- auth_value: 99ba2ffe8d72ebe9fdc7e758c94db148
Targets
- Target: a339b087c89b1e09431ac4_JC.exe (390KB; hashes as listed under General)
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process: Windows Service (1)
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)