General
- Target: 870ad87a52fe06b12d6d3e1811b39861ad4e32aae9c14a178aacdaa72eb3f1ceexe_JC.exe
- Size: 517KB
- Sample: 230806-n9pe5saa66
- MD5: 2b6c245db1871a1f01231a0edc782397
- SHA1: 8b15ed9202beb4f75e16dc473b5c4b2a0b926632
- SHA256: 870ad87a52fe06b12d6d3e1811b39861ad4e32aae9c14a178aacdaa72eb3f1ce
- SHA512: e47c870c562c21ff3bbb14af5b01a82f99e4a4e2473aba9fdf8f907cd9b21c2bebab6e93ff7c19fb15c79fa0be5c13c43817cd31afe2a0f5e83e08402ac467ca
- SSDEEP: 12288:wMrby90WbUi31eM3djC7nbxAxIvDSAQ9Dt6g/XYmn4:7y4aBC7nbZv2Z1/XYb
- Static task: static1
- Behavioral task: behavioral1 (Sample: 870ad87a52fe06b12d6d3e1811b39861ad4e32aae9c14a178aacdaa72eb3f1ceexe_JC.exe; Resource: win7-20230712-en)
- Behavioral task: behavioral2 (Sample: 870ad87a52fe06b12d6d3e1811b39861ad4e32aae9c14a178aacdaa72eb3f1ceexe_JC.exe; Resource: win10v2004-20230703-en)
Malware Config
- Extracted: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
- Extracted: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
- Target: 870ad87a52fe06b12d6d3e1811b39861ad4e32aae9c14a178aacdaa72eb3f1ceexe_JC.exe
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
  - Scheduled Task/Job (1)