General
Target: d383299ea8651170bfa147a96ea9287a7d6ebe430325daf0845dd7505f14cdd3exe_JC.exe
Size: 517KB
Sample: 230812-vl959seh3x
MD5: b5c0db40d5cc43c8200673bfc15b405b
SHA1: 68b3a7cef1539aab4701eb4f00f87a02fa3bd79f
SHA256: d383299ea8651170bfa147a96ea9287a7d6ebe430325daf0845dd7505f14cdd3
SHA512: 954f0deb089f13993707cb1c8000b4a331403f1201cb248c6779f4571bbbfac84b4d96c85e322c4ba440eb7d3623adeb79fe43bce294432ff7f7ef233313cb25
SSDEEP: 12288:uMrPy90CQKer0ByotoffKx5rV81v8bHx/3Q74sLuh:RyAKIitK+5rYv89fsah
Static task: static1

Behavioral task: behavioral1
Sample: d383299ea8651170bfa147a96ea9287a7d6ebe430325daf0845dd7505f14cdd3exe_JC.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: d383299ea8651170bfa147a96ea9287a7d6ebe430325daf0845dd7505f14cdd3exe_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
3.86
5.42.92.67/norm/index.php
Extracted: redline
papik
77.91.124.156:19071
auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
Target: d383299ea8651170bfa147a96ea9287a7d6ebe430325daf0845dd7505f14cdd3exe_JC.exe (517KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process: 1 (Windows Service: 1)
- Boot or Logon Autostart Execution: 1 (Registry Run Keys / Startup Folder: 1)
- Scheduled Task/Job: 1