General
Target: a36ee19fc861aa6781f9c7f6bd0cb4cec5817d4d432b96812af04c63cd052fa7
Size: 561KB
Sample: 230807-pr2s7age6v
MD5: 2cb07ab1d943d83e2869fb81b4ab0b1b
SHA1: e54d3f14e46b22056268dc0f387ea3a7b672e78b
SHA256: a36ee19fc861aa6781f9c7f6bd0cb4cec5817d4d432b96812af04c63cd052fa7
SHA512: 841277feaf7d2d7a45c1ebe6a3ad5e83f3e20d0c890f26fa563eef0af5645bae16b590fdde8262a44d91adba4b1ed2d0c7fde2bb571948e0cd40f88705d9afef
SSDEEP: 12288:WMrYy90Ekr3sTrUZ3QYmteqH9FQ35yhzUiwYeaaDAs:Kyre3QYmkqdm5ylU7YK
Static task: static1
Behavioral task: behavioral1
Sample: a36ee19fc861aa6781f9c7f6bd0cb4cec5817d4d432b96812af04c63cd052fa7.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
3.87
193.233.255.9/nasa/index.php
Extracted: redline
dodge
77.91.124.156:19071
auth_value: 3372223e987be2a16148c072df30163d
Extracted: systembc
ar.undata.cc:5320
ar1.undata.cc:5320
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)