General
Target: e45180138d1e807a75821b1fe68e39c2efd17f0567588c3f6841794b321d1568exe_JC.exe
Size: 517KB
Sample: 230813-ql3zqsee91
MD5: 1979476b385ce5a78fdb469b61916ccd
SHA1: da61da7e342f605aa46fd327ace95a11c2e5d261
SHA256: e45180138d1e807a75821b1fe68e39c2efd17f0567588c3f6841794b321d1568
SHA512: b5380b5688cca73cc5f63c632c6423ea82f6ec021357b6529e72df8e9206b27f645aa760a66c6b87a12bd01e06a28d5e1249462fb8c1e2f7b1094c8893f35a16
SSDEEP: 12288:EMr9y90hU8bkPGOrPILejQ8hHrgcycrZKvPv:pyx8by7Vd7yCZsv
Static task: static1
Behavioral task: behavioral1
  Sample: e45180138d1e807a75821b1fe68e39c2efd17f0567588c3f6841794b321d1568exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: e45180138d1e807a75821b1fe68e39c2efd17f0567588c3f6841794b321d1568exe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  3.86
  77.91.68.61/rock/index.php
Extracted: redline
  papik
  77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
Targets
Target: e45180138d1e807a75821b1fe68e39c2efd17f0567588c3f6841794b321d1568exe_JC.exe
Size: 517KB
MD5: 1979476b385ce5a78fdb469b61916ccd
SHA1: da61da7e342f605aa46fd327ace95a11c2e5d261
SHA256: e45180138d1e807a75821b1fe68e39c2efd17f0567588c3f6841794b321d1568
SHA512: b5380b5688cca73cc5f63c632c6423ea82f6ec021357b6529e72df8e9206b27f645aa760a66c6b87a12bd01e06a28d5e1249462fb8c1e2f7b1094c8893f35a16
SSDEEP: 12288:EMr9y90hU8bkPGOrPILejQ8hHrgcycrZKvPv:pyx8by7Vd7yCZsv
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)