General
- Target: 90237c5abc5c787df74113c421126717ab424470f4e65b756e909ec7c27e47c9exe_JC.exe
- Size: 517KB
- Sample: 230806-wsajnabe72
- MD5: 75163827aaf19d30fec88dc7f0b031da
- SHA1: abc1b443ea768fa0a24eef4312642ae83144fd57
- SHA256: 90237c5abc5c787df74113c421126717ab424470f4e65b756e909ec7c27e47c9
- SHA512: f2de23a54fb562c4d6420b97864e6cab030c24ac727008822fa794db611e87669f83a3babeb0f8179e08c32470846e68583cc78200301ebca135bf417693c943
- SSDEEP: 6144:KKy+bnr+Tp0yN90QErqyJ3Bjav1PIlKbwxgEQub+xZK2Cc36uwQgfau3DJh:WMrry905lBm9PIlaU+K2CU6uwlT3f
Static task: static1
Behavioral task: behavioral1
- Sample: 90237c5abc5c787df74113c421126717ab424470f4e65b756e909ec7c27e47c9exe_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 90237c5abc5c787df74113c421126717ab424470f4e65b756e909ec7c27e47c9exe_JC.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: amadey
- Version: 3.86
- C2: 5.42.92.67/norm/index.php
Extracted
- Family: redline
- Botnet: papik
- C2: 77.91.124.156:19071
- auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
- Target: 90237c5abc5c787df74113c421126717ab424470f4e65b756e909ec7c27e47c9exe_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)