General
-
Target
a4b5fc097a3bb61490594ed60b2aa22dc59c893db3035445c9cc3fa45f9b5f87
-
Size
560KB
-
Sample
230807-q1vlxagg9x
-
MD5
b854dbf6f88e736abad1fe62e01df7bc
-
SHA1
8ac00af85d0dcbe6c3e7b3b9b2b33e27fb805e7d
-
SHA256
a4b5fc097a3bb61490594ed60b2aa22dc59c893db3035445c9cc3fa45f9b5f87
-
SHA512
bb710bf0ac1d7fe6f6f654e59fff0441de79aac6bf123120e9d693dff105d1239cc5f632eec442f4623a016831268afe426189a3c02b7e228f7e29bf9bbffc02
-
SSDEEP
12288:3Mrfy909rz+vxQuwBdAT5jRcDArO5tBsYAc5dHTzJHH8xD:AyIv+gCNRnqz2YP5tTVH8R
Static task
static1
Behavioral task
behavioral1
Sample
a4b5fc097a3bb61490594ed60b2aa22dc59c893db3035445c9cc3fa45f9b5f87.exe
Resource
win10-20230703-en
Malware Config
Extracted
amadey
3.87
193.233.255.9/nasa/index.php
Extracted
redline
dodge
77.91.124.156:19071
-
auth_value
3372223e987be2a16148c072df30163d
Extracted
systembc
ar.undata.cc:5320
ar1.undata.cc:5320
Targets
-
-
Target
a4b5fc097a3bb61490594ed60b2aa22dc59c893db3035445c9cc3fa45f9b5f87
-
Size
560KB
-
MD5
b854dbf6f88e736abad1fe62e01df7bc
-
SHA1
8ac00af85d0dcbe6c3e7b3b9b2b33e27fb805e7d
-
SHA256
a4b5fc097a3bb61490594ed60b2aa22dc59c893db3035445c9cc3fa45f9b5f87
-
SHA512
bb710bf0ac1d7fe6f6f654e59fff0441de79aac6bf123120e9d693dff105d1239cc5f632eec442f4623a016831268afe426189a3c02b7e228f7e29bf9bbffc02
-
SSDEEP
12288:3Mrfy909rz+vxQuwBdAT5jRcDArO5tBsYAc5dHTzJHH8xD:AyIv+gCNRnqz2YP5tTVH8R
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1