General
Target: ad4c33564453b11af6a7009f5669f7ecb4685d16f3e7c956ee842428dc65e075exe_JC.exe
Size: 517KB
Sample: 230809-wkd7wafh7z
MD5: 97d84b0a7ceb33581f34228e41528cb1
SHA1: b0049c8d4dc4e90c080e71e570e55eeb11488ffb
SHA256: ad4c33564453b11af6a7009f5669f7ecb4685d16f3e7c956ee842428dc65e075
SHA512: 9d2f3f1b4faa43d4b003debf2917619bf018e887960efa9c6f179b20da034f2a7cfa77f59ac15c5069f42f554ea19ea94392e5dcddf8ffdfb5e26ac949237341
SSDEEP: 12288:lMriy90BD9sFlkHU4R853vt6bcSFSK/kMyykrNmJKAMR0M1:7yk5sU8BvtwUXykrIMPR0s
Static task: static1
Behavioral task: behavioral1
  Sample: ad4c33564453b11af6a7009f5669f7ecb4685d16f3e7c956ee842428dc65e075exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: ad4c33564453b11af6a7009f5669f7ecb4685d16f3e7c956ee842428dc65e075exe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
  Family: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted
  Family: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
Target: ad4c33564453b11af6a7009f5669f7ecb4685d16f3e7c956ee842428dc65e075exe_JC.exe
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)