General
- Target: 7c600b8d7a390d26d1dbf170cdd39639e60dc6a915a803e7d47a861f4f6f5a7cexe_JC.exe
- Size: 517KB
- Sample: 230805-zqfvfagb4w
- MD5: e5f0811a3a5f1e8da32d8c52fbd4e002
- SHA1: 20cdc998713431db175f18ff2dbfd8d3c4dc4ded
- SHA256: 7c600b8d7a390d26d1dbf170cdd39639e60dc6a915a803e7d47a861f4f6f5a7c
- SHA512: 35450d0e58aa88f47029bc21d457c1b4e0b5f826bc33a1f95a9cb0d2d55266f89fef4bf399a27422776c229be8ec8a406cb852b7e3ee75c0f0a8455c7db8a7ca
- SSDEEP: 12288:bMr9y90w4Rt9/+qUqk40Lrfh3Zgty+OgWcgBYCQapT6jnRuoV:GyN4ROqUqGDFZgt6gWDzF6lvV
Static task: static1
Behavioral task: behavioral1
- Sample: 7c600b8d7a390d26d1dbf170cdd39639e60dc6a915a803e7d47a861f4f6f5a7cexe_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 7c600b8d7a390d26d1dbf170cdd39639e60dc6a915a803e7d47a861f4f6f5a7cexe_JC.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
- Version: 3.86
- C2: 77.91.68.61/rock/index.php
Extracted: redline
- Botnet: papik
- C2: 77.91.124.156:19071
- auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
- Target: 7c600b8d7a390d26d1dbf170cdd39639e60dc6a915a803e7d47a861f4f6f5a7cexe_JC.exe
- Size: 517KB
- MD5: e5f0811a3a5f1e8da32d8c52fbd4e002
- SHA1: 20cdc998713431db175f18ff2dbfd8d3c4dc4ded
- SHA256: 7c600b8d7a390d26d1dbf170cdd39639e60dc6a915a803e7d47a861f4f6f5a7c
- SHA512: 35450d0e58aa88f47029bc21d457c1b4e0b5f826bc33a1f95a9cb0d2d55266f89fef4bf399a27422776c229be8ec8a406cb852b7e3ee75c0f0a8455c7db8a7ca
- SSDEEP: 12288:bMr9y90w4Rt9/+qUqk40Lrfh3Zgty+OgWcgBYCQapT6jnRuoV:GyN4ROqUqGDFZgt6gWDzF6lvV
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
- Windows Service: 1
- Scheduled Task/Job: 1