General
Target: e439677543164cdbb131515adc793b6d69de000dc3326c44940434dcce84acd5exe_JC.exe
Size: 517KB
Sample: 230813-qk7xascd98
MD5: c84c8b4c07c0af390e0cd2dc423adf02
SHA1: 82bc4022582661d1216354853dbb2d9f282a80d6
SHA256: e439677543164cdbb131515adc793b6d69de000dc3326c44940434dcce84acd5
SHA512: dd861508d7b966c09215a1c3b4bdc643a70fa861731be494c72d454c84c8e732561a91fc548606d318bccf352a3903326cd6d28dc913fac90217df7b0329c069
SSDEEP: 12288:/Mrey90CID1LOLIh5MysYt89HwXkgDF0jWJJHe:VyBIhO65DYAkgDzHe
Static task: static1
Behavioral task: behavioral1
  Sample: e439677543164cdbb131515adc793b6d69de000dc3326c44940434dcce84acd5exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: e439677543164cdbb131515adc793b6d69de000dc3326c44940434dcce84acd5exe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  3.86
  77.91.68.61/rock/index.php
Extracted: redline
  papik
  77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
Target: e439677543164cdbb131515adc793b6d69de000dc3326c44940434dcce84acd5exe_JC.exe (517KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)