General
-
Target
7ddeda2e3bde145fdf37adec48a6bf6ce8c05a03a2588e38a24673fe110f5f18exe_JC.exe
-
Size
516KB
-
Sample
230806-l13kasha36
-
MD5
7dd8510da08b58883d4b3082af290c5b
-
SHA1
54c35daff8de5b277cdec9bb1fc17b179365831c
-
SHA256
7ddeda2e3bde145fdf37adec48a6bf6ce8c05a03a2588e38a24673fe110f5f18
-
SHA512
439a65dd2767e6216c2f5f54cbb478711fa70a2f4cccdfe6bfb3a6bd06c3d595ea91f77633b7c45a73928b448fa3e1ba0ebda7f5c23f2202eb5680f4180cd322
-
SSDEEP
12288:0MrWy90d9rEunVLKTh4eevG6wgBYCR2IUZlQm3LyMv/6Ao:6yQ9ounBwh4eeuOzQznpo
Static task
static1
Behavioral task
behavioral1
Sample
7ddeda2e3bde145fdf37adec48a6bf6ce8c05a03a2588e38a24673fe110f5f18exe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7ddeda2e3bde145fdf37adec48a6bf6ce8c05a03a2588e38a24673fe110f5f18exe_JC.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
redline
papik
77.91.124.156:19071
-
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
Targets
-
-
Target
7ddeda2e3bde145fdf37adec48a6bf6ce8c05a03a2588e38a24673fe110f5f18exe_JC.exe
-
Size
516KB
-
MD5
7dd8510da08b58883d4b3082af290c5b
-
SHA1
54c35daff8de5b277cdec9bb1fc17b179365831c
-
SHA256
7ddeda2e3bde145fdf37adec48a6bf6ce8c05a03a2588e38a24673fe110f5f18
-
SHA512
439a65dd2767e6216c2f5f54cbb478711fa70a2f4cccdfe6bfb3a6bd06c3d595ea91f77633b7c45a73928b448fa3e1ba0ebda7f5c23f2202eb5680f4180cd322
-
SSDEEP
12288:0MrWy90d9rEunVLKTh4eevG6wgBYCR2IUZlQm3LyMv/6Ao:6yQ9ounBwh4eeuOzQznpo
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1