General
- Target: aed8f4563e5a4bb4ad61e3ebaf02697b493eae639eafc407d3ff6abaa01ad8d5exe_JC.exe
- Size: 517KB
- Sample: 230809-wx4cjaef33
- MD5: e26869d3339637e9d8f1cfc50fc15ac9
- SHA1: d6d7b7bdd499c03c0b011226792f42282d543fca
- SHA256: aed8f4563e5a4bb4ad61e3ebaf02697b493eae639eafc407d3ff6abaa01ad8d5
- SHA512: 74c20fb01ad60af9527efa4de1b823fd70006aa990c69d04a060eaae4b0a9c401a02b353d94575753a92b502d1d489942e2ddd4021357b14630cc39ea52bd29d
- SSDEEP: 12288:ZMrTy90bBBPUXHQiUnRfuYIB48zLkOFQ/p2BWqD:2ye7S8Rfux/LkgQrK
Static task: static1
Behavioral task: behavioral1
- Sample: aed8f4563e5a4bb4ad61e3ebaf02697b493eae639eafc407d3ff6abaa01ad8d5exe_JC.exe
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: aed8f4563e5a4bb4ad61e3ebaf02697b493eae639eafc407d3ff6abaa01ad8d5exe_JC.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted
- Family: amadey
- Version: 3.86
- C2: 5.42.92.67/norm/index.php
Extracted
- Family: redline
- Botnet: papik
- C2: 77.91.124.156:19071
- auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
- Target: aed8f4563e5a4bb4ad61e3ebaf02697b493eae639eafc407d3ff6abaa01ad8d5exe_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)