General
-
Target
b26af4e1c612f734b04ff47eecc5e62c557d477bb490d568d089bdb9be56f24aexe_JC.exe
-
Size
517KB
-
Sample
230810-sxp85aga2x
-
MD5
2c56695b0c3cd32b5efc7ea0481a8a68
-
SHA1
e64067f9b730eefe2dc74cc725e2232a4e920565
-
SHA256
b26af4e1c612f734b04ff47eecc5e62c557d477bb490d568d089bdb9be56f24a
-
SHA512
f75c689839483c3729ae5b8d83fbe4f9a6b5e8f22a8dad08fdbb568ce6f09e983ed90323623165bf863b7b32c3ad37ff2f27e62628fc239aa842a36995681b38
-
SSDEEP
12288:zMr8y90s1tVMNmbzo1vflsUT8BpSgBYCS41wsTQ+W8:7yymbzoUG8pzhtf
Static task
static1
Behavioral task
behavioral1
Sample
b26af4e1c612f734b04ff47eecc5e62c557d477bb490d568d089bdb9be56f24aexe_JC.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
b26af4e1c612f734b04ff47eecc5e62c557d477bb490d568d089bdb9be56f24aexe_JC.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
redline
papik
77.91.124.156:19071
-
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
Targets
-
-
Target
b26af4e1c612f734b04ff47eecc5e62c557d477bb490d568d089bdb9be56f24aexe_JC.exe
-
Size
517KB
-
MD5
2c56695b0c3cd32b5efc7ea0481a8a68
-
SHA1
e64067f9b730eefe2dc74cc725e2232a4e920565
-
SHA256
b26af4e1c612f734b04ff47eecc5e62c557d477bb490d568d089bdb9be56f24a
-
SHA512
f75c689839483c3729ae5b8d83fbe4f9a6b5e8f22a8dad08fdbb568ce6f09e983ed90323623165bf863b7b32c3ad37ff2f27e62628fc239aa842a36995681b38
-
SSDEEP
12288:zMr8y90s1tVMNmbzo1vflsUT8BpSgBYCS41wsTQ+W8:7yymbzoUG8pzhtf
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1