General
Target: 8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71fexe_JC.exe
Size: 517KB
Sample: 230806-s9166aba28
MD5: d41f1c7e31301333d4566921fa2e746c
SHA1: 96f01a64517b81d61603d8d63d0a541c46989f11
SHA256: 8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71f
SHA512: 49b5db3895973f5a63fa5a08d047f9a9b14b82352cb65a5a87c7be12be1797a159276c75dcc16fc61a4c4dba545ca4cb29772a8a4e07f086a47367ca2d5718dc
SSDEEP: 12288:WMrPy90Mk+nx9EIMXo6ST4w8kur2PMHtpq01YsEc:Zy/vvDMXo34w812P6ash
Static task: static1
Behavioral task: behavioral1
  Sample: 8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71fexe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71fexe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  Version: 3.86
  C2: 5.42.92.67/norm/index.php
Extracted: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
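The two extracted configurations are the most actionable part of the report: an Amadey 3.86 HTTP C2 (host plus URL path, no explicit port) and a RedLine TCP C2 (host plus port) for the "papik" botnet. The script below is an added example, not part of the sandbox report: it turns those fields into network IOCs, runs them over a few constructed egress-log lines (the key=value log format is invented for illustration), distinguishes a full host+port/path match from a weaker host-only contact, and checks a local file's digests against the report's hashes so an analyst can confirm they hold the same sample. The field labels "version" and "botnet" are assumed names for the values the report lists; the Amadey port is left unspecified because the report does not state one.

```python
"""Turn the report's extracted Amadey/RedLine configs into IOCs and hunt for them."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# File hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "d41f1c7e31301333d4566921fa2e746c",
    "sha1": "96f01a64517b81d61603d8d63d0a541c46989f11",
    "sha256": "8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71f",
    "sha512": "49b5db3895973f5a63fa5a08d047f9a9b14b82352cb65a5a87c7be12be1797a159276c75dcc16fc61a4c4dba545ca4cb29772a8a4e07f086a47367ca2d5718dc",
}

# Configs as extracted by the sandbox (family -> fields), values copied from the report.
# "version"/"botnet" are assumed labels; auth_value is carried along but not used for matching.
EXTRACTED_CONFIGS = {
    "amadey": {"version": "3.86", "c2": "5.42.92.67/norm/index.php"},
    "redline": {
        "botnet": "papik",
        "c2": "77.91.124.156:19071",
        "auth_value": "325a615d8be5db8e2f7a4c2448fdac3a",
    },
}


@dataclass(frozen=True)
class NetworkIOC:
    family: str
    host: str
    port: Optional[int]  # None when the config gives no explicit port (Amadey HTTP C2)
    path: Optional[str]  # None when the config gives no URL path (RedLine TCP C2)


_C2_RE = re.compile(r"(?P<host>[^/:]+)(?::(?P<port>\d+))?(?P<path>/.*)?")


def parse_c2(family: str, c2: str) -> NetworkIOC:
    """Split a C2 string of the form host[:port][/path] into its parts."""
    m = _C2_RE.fullmatch(c2)
    if m is None:
        raise ValueError(f"unrecognised C2 format: {c2!r}")
    port = int(m["port"]) if m["port"] else None
    return NetworkIOC(family, m["host"], port, m["path"])


def extract_iocs(configs: Dict[str, Dict[str, str]]) -> List[NetworkIOC]:
    return [parse_c2(family, fields["c2"]) for family, fields in configs.items()]


# Constructed egress-log lines (not from the report) in a simple key=value form.
# Line 4 reuses the RedLine IP on a different port to show the weaker match class.
SAMPLE_LOG = """\
2023-08-06T12:00:01Z src=10.0.0.5 dst=77.91.124.156 dport=19071 proto=tcp
2023-08-06T12:00:03Z src=10.0.0.5 dst=5.42.92.67 dport=80 proto=tcp url=http://5.42.92.67/norm/index.php
2023-08-06T12:00:07Z src=10.0.0.7 dst=198.51.100.10 dport=443 proto=tcp
2023-08-06T12:00:09Z src=10.0.0.9 dst=77.91.124.156 dport=443 proto=tcp
"""


def classify(fields: Dict[str, str], ioc: NetworkIOC) -> Optional[str]:
    """'exact' when port/path also match, 'host-only' when only the IP does, else None."""
    if fields.get("dst") != ioc.host:
        return None
    if ioc.port is not None:
        return "exact" if fields.get("dport") == str(ioc.port) else "host-only"
    if ioc.path is not None:
        return "exact" if ioc.path in fields.get("url", "") else "host-only"
    return "exact"


def hunt(log_text: str, iocs: List[NetworkIOC]) -> List[Tuple[int, str, str]]:
    """Return (line_number, family, match_kind) for every log line touching a C2."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        for ioc in iocs:
            kind = classify(fields, ioc)
            if kind:
                hits.append((lineno, ioc.family, kind))
    return hits


def hashes_match(data: bytes) -> Dict[str, bool]:
    """Compare a local file's digests with the report's to confirm it is the same sample."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest
            for alg, digest in REPORT_HASHES.items()}


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, extract_iocs(EXTRACTED_CONFIGS)):
        print(hit)
```

A host-only hit on a C2 address still deserves a look: a RedLine build on another port, or a host sharing the IP, would not match the extracted config exactly, so triage the exact matches first and treat host-only ones as leads rather than confirmations.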
Targets
Target: 8db6f544940545b4e7f0eef92bc68e65f5e9efd3707f33b7e5594777d56ed71fexe_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1