General
-
Target
7331ea12d6cebf5f1aa1d13a1a241d82610f7ab2e33cb82e5f06f3e152e479b4exe_JC.exe
-
Size
516KB
-
Sample
230805-qy6amaec61
-
MD5
864f711242be0d8d00403408e200e31e
-
SHA1
b4212d0160603b580dd235ac34ff702f41ef6bdb
-
SHA256
7331ea12d6cebf5f1aa1d13a1a241d82610f7ab2e33cb82e5f06f3e152e479b4
-
SHA512
fd75e1a7b71434b2f579e25a165c19cab05856ead5f8252e11632fa7220e92dbda44eb1081e69ee2c147df767de947b5ef56f3524c39e69efcc2f9360ee33ad2
-
SSDEEP
12288:7MrJy90enRYjYG2/Lp6Y114H46ysqxBgBYCcVpFY:SyvnRo66YPrsRz+k
Static task
static1
Behavioral task
behavioral1
Sample
7331ea12d6cebf5f1aa1d13a1a241d82610f7ab2e33cb82e5f06f3e152e479b4exe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7331ea12d6cebf5f1aa1d13a1a241d82610f7ab2e33cb82e5f06f3e152e479b4exe_JC.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
redline
papik
77.91.124.156:19071
-
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
Targets
-
-
Target
7331ea12d6cebf5f1aa1d13a1a241d82610f7ab2e33cb82e5f06f3e152e479b4exe_JC.exe
-
Size
516KB
-
MD5
864f711242be0d8d00403408e200e31e
-
SHA1
b4212d0160603b580dd235ac34ff702f41ef6bdb
-
SHA256
7331ea12d6cebf5f1aa1d13a1a241d82610f7ab2e33cb82e5f06f3e152e479b4
-
SHA512
fd75e1a7b71434b2f579e25a165c19cab05856ead5f8252e11632fa7220e92dbda44eb1081e69ee2c147df767de947b5ef56f3524c39e69efcc2f9360ee33ad2
-
SSDEEP
12288:7MrJy90enRYjYG2/Lp6Y114H46ysqxBgBYCcVpFY:SyvnRo66YPrsRz+k
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1