General
-
Target
ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1
-
Size
641KB
-
Sample
230801-x3m36sah43
-
MD5
d4368e0e12082d50af413daf6d422d15
-
SHA1
5afe753c00c3ec0103ac7896d8b316dc6c586aea
-
SHA256
ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1
-
SHA512
ae88f5aaacaa6940dea08110e31754869bde7dc50d04bb313610dd73fa2539be642fa664bc1db7788ea287052d77c16238d12003da6788468996d53e6154e094
-
SSDEEP
12288:HMrZy90v/nCl6xzEybwcNlxB1wDwZNmMrWM7rErcI6yS0Fi1l2RYD6rDO1mYB1k0:uyeQ6xz90c3y3Wx7gwh+OB+W1RB1k0
Static task
static1
Behavioral task
behavioral1
Sample
ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
maxik
77.91.124.156:19071
-
auth_value
a7714e1bc167c67e3fc8f9e368352269
Targets
-
-
Target
ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1
-
Size
641KB
-
MD5
d4368e0e12082d50af413daf6d422d15
-
SHA1
5afe753c00c3ec0103ac7896d8b316dc6c586aea
-
SHA256
ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1
-
SHA512
ae88f5aaacaa6940dea08110e31754869bde7dc50d04bb313610dd73fa2539be642fa664bc1db7788ea287052d77c16238d12003da6788468996d53e6154e094
-
SSDEEP
12288:HMrZy90v/nCl6xzEybwcNlxB1wDwZNmMrWM7rErcI6yS0Fi1l2RYD6rDO1mYB1k0:uyeQ6xz90c3y3Wx7gwh+OB+W1RB1k0
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1