General
- Target: c32d36f5e946e2b2e2b3a04bd9d223beda5d728514ffb04e841c71856061dedcexe_JC.exe
- Size: 517KB
- Sample: 230811-smlsyseb88
- MD5: cd1bd95b7236ce0ed66ac9f3bae5aa5d
- SHA1: 48362bbe6e2d1d20942f683ef1dba4cb4ee1381e
- SHA256: c32d36f5e946e2b2e2b3a04bd9d223beda5d728514ffb04e841c71856061dedc
- SHA512: 6d26006f1dd6cb3c04db6a46c688f87ece29e6171cf24af76a7535eb8d39375fff1383291e109285f46e233185fc0fd1564c3d2de246a55e1e11ef4a22230f4b
- SSDEEP: 12288:SMr7y9054e0md9jVORdL5i1eYw2naFbANoY5Eyu:hyk4OkdL51Yw244Ef
Static task: static1

Behavioral task: behavioral1
- Sample: c32d36f5e946e2b2e2b3a04bd9d223beda5d728514ffb04e841c71856061dedcexe_JC.exe
- Resource: win7-20230712-en

Behavioral task: behavioral2
- Sample: c32d36f5e946e2b2e2b3a04bd9d223beda5d728514ffb04e841c71856061dedcexe_JC.exe
- Resource: win10v2004-20230703-en
Malware Config

Extracted:
- amadey
- 3.86
- 5.42.92.67/norm/index.php

Extracted:
- redline
- papik
- 77.91.124.156:19071
- auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
- Target: c32d36f5e946e2b2e2b3a04bd9d223beda5d728514ffb04e841c71856061dedcexe_JC.exe
- Size: 517KB
- MD5: cd1bd95b7236ce0ed66ac9f3bae5aa5d
- SHA1: 48362bbe6e2d1d20942f683ef1dba4cb4ee1381e
- SHA256: c32d36f5e946e2b2e2b3a04bd9d223beda5d728514ffb04e841c71856061dedc
- SHA512: 6d26006f1dd6cb3c04db6a46c688f87ece29e6171cf24af76a7535eb8d39375fff1383291e109285f46e233185fc0fd1564c3d2de246a55e1e11ef4a22230f4b
- SSDEEP: 12288:SMr7y9054e0md9jVORdL5i1eYw2naFbANoY5Eyu:hyk4OkdL51Yw244Ef
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Create or Modify System Process: 1
  - Windows Service: 1
- Scheduled Task/Job: 1