General
- Target: b3b8299ade63b725b6569739ea884e01ba7a3d3566652f1a52ca1d2d8e93676dexe_JC.exe
- Size: 517KB
- Sample: 230810-s99hjaef23
- MD5: 7542551d341048a668a58cb10c2152f5
- SHA1: 773a48a30bcbcf72d8a4f170ca5f8e49b6e89f28
- SHA256: b3b8299ade63b725b6569739ea884e01ba7a3d3566652f1a52ca1d2d8e93676d
- SHA512: c33ee62b627f95bfaabd4b9503b522ad79501dbfc2016dd986869ca9012c894fc677ba542f3cde1532913f7928355847b2660976cfd7b87c3bc8f9f582fd1388
- SSDEEP: 12288:6Mr0y90w05KaB4cSGkCB6HYxyIjTaYqlRRgUff+GgIX:Wyt05O/3CB6oyIjToRgS+6X
Static task: static1
Behavioral task: behavioral1
Sample: b3b8299ade63b725b6569739ea884e01ba7a3d3566652f1a52ca1d2d8e93676dexe_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: b3b8299ade63b725b6569739ea884e01ba7a3d3566652f1a52ca1d2d8e93676dexe_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey 3.86, 5.42.92.67/norm/index.php
Extracted: redline papik, 77.91.124.156:19071
- auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
- Target: b3b8299ade63b725b6569739ea884e01ba7a3d3566652f1a52ca1d2d8e93676dexe_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process: 1
  - Windows Service: 1
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Scheduled Task/Job: 1