General
Target: 85e7bc3c003e068d838d1a1c272b7119.exe
Size: 556KB
Sample: 230805-lml1dscf5w
MD5: 85e7bc3c003e068d838d1a1c272b7119
SHA1: d9e44f291cd7175707d7f9658a3f4f9ba4ac960e
SHA256: 6c3e14911e976df22d590a3115a982a3941d7e410ce4c34277e02a6db56771b1
SHA512: 3dd9a9d0c7bdcea22e07dfaf94717fbf03de46bb37f309fdaeed10d924fd1f98a527e390d90be86f0b838928f957d4733253bc6729dfa659dbcf9fce30d1167e
SSDEEP: 12288:mMrjy90wmPkdCKWihgT8OVgONLZTNxKlsKkk5s:hyLmVegI3OhZTisDk5s
Static task: static1
Behavioral task: behavioral1
  Sample: 85e7bc3c003e068d838d1a1c272b7119.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 85e7bc3c003e068d838d1a1c272b7119.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
  Family: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted
  Family: redline
  Botnet: micky
  C2: 77.91.124.172:19071
  auth_value: 748f3c67c004f4a994500f05127b4428
Targets
Target: 85e7bc3c003e068d838d1a1c272b7119.exe
Signatures:
  Detects Healer, an antivirus disabler dropper
  RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  Executes dropped EXE
  Loads dropped DLL
  Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)