General
Target: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38exe_JC.exe
Size: 641KB
Sample: 230805-rbxkmsee3v
MD5: 788d92f47b212e2049463dd423a5dee1
SHA1: ec638a326f621c2ac72199ddb8e02affffe0dee6
SHA256: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38
SHA512: 2ff493ef1f3f2e9905e2930669eefb995041eeb8045ec1a4bfc935b655454aea9c591dfe179ec3c711fb22ff25374a64a01e7a56b204b37fd417e1b3278ab2a0
SSDEEP: 12288:/Mrey90DQanCnYpz9L+2CBiMx5A5nF9npy7OsW6f/g9EcqOEluM:FyKPC8zBBE7jcF9py7OsW6ng9Ecq5uM
Static task: static1
Behavioral task: behavioral1
  Sample: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38exe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
  Family: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted
  Family: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/
Extracted
  Family: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  Attributes: auth_value = 325a615d8be5db8e2f7a4c2448fdac3a
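The three extracted configs give three C2 indicators in three different shapes: a scheme-less URL (Amadey), a full HTTP URL (SmokeLoader) and a bare host:port for a raw TCP channel (RedLine). The script below, an added example that is not part of the sandbox report, normalizes the indicators exactly as they appear in the report and runs them over proxy and connection log lines. The log lines and their column layout are constructed for illustration and are not output of the sandbox; the HTTP matcher keys on host, port and path so that a hit on 77.91.68.29 with a different path is not attributed to SmokeLoader, while the connection matcher can only key on host:port.

```python
"""Match the C2 indicators extracted from this sample's configs against
network log lines.  Added example, not part of the sandbox report; the log
lines below are constructed for illustration."""
from urllib.parse import urlsplit

# Indicators copied verbatim from the Malware Config section of the report.
EXTRACTED_C2 = {
    "amadey": "77.91.68.61/rock/index.php",     # no scheme in the config
    "smokeloader": "http://77.91.68.29/fks/",
    "redline": "77.91.124.156:19071",           # raw TCP host:port, not HTTP
}


def normalize(indicator: str):
    """Return (host, port, path) for a C2 string as extracted from a config.
    Amadey and SmokeLoader C2s are HTTP URLs (scheme optional); RedLine is a
    bare host:port.  Path is None when the indicator is not HTTP."""
    if "://" not in indicator:
        head = indicator.split("/", 1)[0]
        # Bare host:port with no path component (RedLine style)
        if "/" not in indicator and ":" in head:
            host, port = head.rsplit(":", 1)
            return host, int(port), None
        # Scheme-less URL (Amadey style): assume HTTP
        indicator = "http://" + indicator
    u = urlsplit(indicator)
    return u.hostname, u.port or 80, u.path or "/"


def scan_proxy_log(lines):
    """Flag lines of a proxy log (constructed layout:
    'timestamp client method url status') that reach an HTTP C2."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, client, _method, url = parts[:4]
        host, port, path = normalize(url)
        for family, ioc in EXTRACTED_C2.items():
            ihost, iport, ipath = normalize(ioc)
            if ipath is None:
                continue  # not an HTTP indicator; handled by scan_conn_log
            if host == ihost and port == iport and path.startswith(ipath):
                hits.append((ts, client, family, url))
    return hits


def scan_conn_log(lines):
    """Flag lines of a connection log (constructed layout:
    'timestamp src_ip src_port dst_ip dst_port proto') whose destination
    host:port matches any extracted C2, which is the only way to catch the
    RedLine TCP channel."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 6:
            continue
        ts, src, _sport, dst, dport, _proto = parts[:6]
        for family, ioc in EXTRACTED_C2.items():
            ihost, iport, _ = normalize(ioc)
            if dst == ihost and int(dport) == iport:
                hits.append((ts, src, family, f"{dst}:{dport}"))
    return hits


# Constructed sample logs (not from the report).
PROXY_LOG = [
    "1691225000 10.0.0.5 GET http://example.com/index.html 200",
    "1691225010 10.0.0.5 POST http://77.91.68.61/rock/index.php 200",
    "1691225020 10.0.0.7 GET http://77.91.68.29/fks/ 200",
    "1691225030 10.0.0.7 GET http://77.91.68.29/other/ 404",
]
CONN_LOG = [
    "1691225040 10.0.0.5 49812 77.91.124.156 19071 tcp",
    "1691225050 10.0.0.5 49813 77.91.124.156 443 tcp",
    "1691225060 10.0.0.9 49900 77.91.68.29 80 tcp",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG) + scan_conn_log(CONN_LOG):
        print(hit)
```

On the constructed logs the proxy scan attributes one request each to Amadey and SmokeLoader and ignores the 404 to a different path on the SmokeLoader host; the connection scan flags the RedLine port and the SmokeLoader host on port 80, but not the same RedLine host on 443. Whether to alert on host alone is a tuning decision; the IPs here sit in one /16, so a looser rule is defensible but should be a separate, lower-confidence signature.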
Targets
Target: 74991b8b0544fa500ea5cb196e746fa3f4d98c5d0623c46470044b2710b5da38exe_JC.exe
Size: 641KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above.
Detects Healer, an antivirus disabler dropper
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
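The three persistence techniques the report maps for this sample (Run key, Windows service, scheduled task) each leave a distinct host-telemetry footprint. The script below is an added example, not part of the sandbox report: it classifies Sysmon-style event records (Event ID 13 registry value set, Event ID 1 process create) into those techniques and groups the hits by the originating process, which is how a dropper chain like this one surfaces as more than one technique from a single parent. The event records and their field names are constructed for illustration, not taken from the report; the sub-technique IDs are the ATT&CK IDs for the techniques the report names.

```python
"""Map host telemetry to the persistence techniques listed in the report.
Added example, not part of the sandbox report; the event records below are
constructed to resemble Sysmon Event ID 1 (process create) and Event ID 13
(registry value set) and are not taken from the report."""
import re

# Registry Run Keys / Startup Folder (T1547.001): value written under a Run key
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Windows Service (T1543.003): service binary path written to the registry
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\Services\\[^\\]+\\ImagePath$", re.IGNORECASE)
# Scheduled Task/Job (T1053.005) and Windows Service (T1543.003) via tooling
SCHTASKS_RE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.IGNORECASE)
SC_CREATE_RE = re.compile(r"\bsc(\.exe)?\b\s+create\b", re.IGNORECASE)


def classify(event: dict):
    """Return (technique_id, technique_name) for one event dict, or None.
    Expected keys: event_id, plus target_object for ID 13 or command_line
    for ID 1 (constructed field names, not a Sysmon schema)."""
    eid = event.get("event_id")
    if eid == 13:
        target = event.get("target_object", "")
        if RUN_KEY_RE.search(target):
            return ("T1547.001", "Registry Run Keys / Startup Folder")
        if SERVICE_IMAGEPATH_RE.search(target):
            return ("T1543.003", "Windows Service")
    elif eid == 1:
        cmd = event.get("command_line", "")
        if SCHTASKS_RE.search(cmd):
            return ("T1053.005", "Scheduled Task/Job")
        if SC_CREATE_RE.search(cmd):
            return ("T1543.003", "Windows Service")
    return None


def persistence_findings(events):
    """Group distinct techniques by originating process.  For process-create
    events the parent is the interesting actor (the dropper), not the LOLBin
    it launched, so attribute to parent_image when present."""
    per_process = {}
    for ev in events:
        hit = classify(ev)
        if hit:
            actor = ev.get("parent_image") or ev.get("image", "?")
            per_process.setdefault(actor, set()).add(hit)
    return per_process


DROPPER = r"C:\Users\u\AppData\Local\Temp\dropper.exe"
PAYLOAD = r"C:\Users\u\AppData\Local\Temp\svc.exe"

# Constructed events (not from the report).
EVENTS = [
    {"event_id": 13, "image": DROPPER,
     "target_object": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\startup",
     "details": PAYLOAD},
    {"event_id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": DROPPER,
     "command_line": 'schtasks /create /f /ru "SYSTEM" /tn "update" /tr "'
                     + PAYLOAD + '" /sc minute /mo 1'},
    {"event_id": 1, "image": r"C:\Windows\System32\sc.exe",
     "parent_image": DROPPER,
     "command_line": 'sc create "Updater" binPath= "' + PAYLOAD + '" start= auto'},
    {"event_id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe readme.txt"},
    {"event_id": 13, "image": r"C:\Windows\explorer.exe",
     "target_object": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "DWORD (0x00000001)"},
    {"event_id": 13, "image": r"C:\Windows\System32\services.exe",
     "target_object": r"HKLM\System\CurrentControlSet\Services\Updater\ImagePath",
     "details": PAYLOAD},
]

if __name__ == "__main__":
    for actor, techniques in persistence_findings(EVENTS).items():
        print(actor, sorted(techniques))
```

The two benign records (a notepad launch and an Explorer view setting under CurrentVersion, but not under Run) produce no finding, and the dropper is credited with all three techniques even though two of them were executed through schtasks.exe and sc.exe. In production the ImagePath write is attributed to services.exe, so correlating it back to the `sc create` command line (same service name) is what ties the registry artifact to the actual actor.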