General
- Target: 012a80c149cc79fcee6026d255b89b115860f28f92b45a60a5ad0559b42bc56a
- Size: 560KB
- Sample: 230807-zc6tpshc95
- MD5: 6da74600edbb4147cc8b1840cec43bc1
- SHA1: c7aa58f7039c770245eb2445afcb7eca24f1dbc9
- SHA256: 012a80c149cc79fcee6026d255b89b115860f28f92b45a60a5ad0559b42bc56a
- SHA512: f06dcd6fed8c08e127d9e93ff364ca1cc09e04f95272c5bab1d4c6e26fab35639e9ef2386293ab85c2883323151512f0f0ba1b3b66ce15f5744612e9432873c0
- SSDEEP: 12288:rMrRy90GMFlKrn+ihdJHoWsLBc5+6TzE5erl6FdhDoAy:2yS3obELm5BTA5eJIhty
Static task
- static1

Malware Config
Extracted: amadey
- Version: 3.87
- C2: 193.233.255.9/nasa/index.php
Extracted: redline
- Botnet: dodge
- C2: 77.91.124.156:19071
- auth_value: 3372223e987be2a16148c072df30163d
Targets
- Target: 012a80c149cc79fcee6026d255b89b115860f28f92b45a60a5ad0559b42bc56a
- Size: 560KB
- MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)