General
Target: e49c4b2313b6777965a74c5c209701006224b3c9f9d198aa19ee5326dfb6b702exe_JC.exe
Size: 517KB
Sample: 230813-qm4bwsef3v
MD5: 93dd17b7f0fd380c2fd56fec60aa7317
SHA1: 3e7bb3c0df5f3cc0ed1f7d73d6898618a2b26094
SHA256: e49c4b2313b6777965a74c5c209701006224b3c9f9d198aa19ee5326dfb6b702
SHA512: db0e057dad5063fbfd76afb5ea2b88e59bf45ea841513d708a25b2a83051d09ec3d058c48df3bfdaec93c02a70c6a8496c42366f3442b2b0f5db1761601c42ba
SSDEEP: 12288:WMrbzy90LSVQZuTxnwztbiYzj/7yrn2wM1a:5ylWZuNnUtbiYzjOrOa
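Before relying on the behavioural results, confirm that the file in hand is the same sample the sandbox ran. The Python below is an added example, not part of the report or of the sandbox's tooling: it recomputes the four cryptographic digests listed above and compares them with the report's values (SSDEEP is left out because it needs a third-party library). A partial agreement between the four digests cannot mean "the same file"; it means one side was transcribed wrongly, and the function says so rather than averaging it away.

```python
import hashlib

# Digests transcribed from the report's General section.
REPORT_HASHES = {
    "md5": "93dd17b7f0fd380c2fd56fec60aa7317",
    "sha1": "3e7bb3c0df5f3cc0ed1f7d73d6898618a2b26094",
    "sha256": "e49c4b2313b6777965a74c5c209701006224b3c9f9d198aa19ee5326dfb6b702",
    "sha512": "db0e057dad5063fbfd76afb5ea2b88e59bf45ea841513d708a25b2a83051d09ec3d058c48df3bfdaec93c02a70c6a8496c42366f3442b2b0f5db1761601c42ba",
}

CHUNK = 1 << 20  # read 1 MiB at a time so large samples are not loaded whole


def _digest_stream(blocks, algorithms):
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes, algorithms=tuple(REPORT_HASHES)) -> dict:
    """Digests of an in-memory buffer (handy for tests and small artefacts)."""
    return _digest_stream((data[i:i + CHUNK] for i in range(0, len(data), CHUNK)), algorithms)


def hash_file(path: str, algorithms=tuple(REPORT_HASHES)) -> dict:
    """Digests of a file on disk, streamed in CHUNK-sized reads."""
    with open(path, "rb") as fh:
        return _digest_stream(iter(lambda: fh.read(CHUNK), b""), algorithms)


def verify(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Compare observed digests against the report, case-insensitively.

    verdict is one of:
      match     every listed digest agrees: the file is the analysed sample
      mismatch  none agree: a different file (wrong download, re-packed build, ...)
      partial   some agree and some do not: with collision-resistant hashes this
                means a transcription error on one side, not the same file; check
                the provenance of both before trusting either
    """
    per_hash = {name: observed.get(name, "").lower() == exp.lower()
                for name, exp in expected.items()}
    agreed = sum(per_hash.values())
    if agreed == len(per_hash):
        verdict = "match"
    elif agreed == 0:
        verdict = "mismatch"
    else:
        verdict = "partial"
    return {"verdict": verdict, "per_hash": per_hash}


if __name__ == "__main__":
    import sys
    result = verify(hash_file(sys.argv[1]))
    print(result["verdict"], result["per_hash"])
```

Run it as `python verify_sample.py <path-to-sample>`; anything other than `match` means the behavioural sections of this report do not describe the file you are holding.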
Static task: static1
Behavioral task: behavioral1
Sample: e49c4b2313b6777965a74c5c209701006224b3c9f9d198aa19ee5326dfb6b702exe_JC.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: e49c4b2313b6777965a74c5c209701006224b3c9f9d198aa19ee5326dfb6b702exe_JC.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted
Family: amadey
Version: 3.86
C2: 5.42.92.67/norm/index.php
Extracted
Family: redline
Botnet: papik
C2: 77.91.124.156:19071
auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
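The two extracted configurations give network indicators in two different shapes: the Amadey C2 is written as host/path (an HTTP endpoint, with no port stated) and the RedLine C2 as host:port (a plain TCP endpoint, with no path). The Python below is an added example, not part of the report or of the sandbox: it normalises both forms into host, port and path, and runs them over a handful of constructed connection records to show which ones match and how strong each match is. The records, field names and the 192.0.2.10 address are constructed for the example; only the C2 strings come from the report.

```python
from urllib.parse import urlsplit

# Transcribed from the report's Malware Config section. The field names
# (version, botnet, attributes) are the sandbox's usual layout for these families.
EXTRACTED_CONFIGS = [
    {"family": "amadey", "version": "3.86",
     "c2": ["5.42.92.67/norm/index.php"]},
    {"family": "redline", "botnet": "papik",
     "c2": ["77.91.124.156:19071"],
     # auth_value is a per-build token: useful for clustering samples,
     # not for matching network flows, so it stays out of the IOC list.
     "attributes": {"auth_value": "325a615d8be5db8e2f7a4c2448fdac3a"}},
]


def parse_c2(entry: str) -> dict:
    """Split one C2 string into host, port and path.

    host/path (Amadey) yields port None, since the report states no port;
    host:port (RedLine) yields path None.
    """
    if "://" not in entry:
        entry = "//" + entry  # lets urlsplit treat the leading token as the netloc
    parts = urlsplit(entry)
    return {"host": parts.hostname, "port": parts.port, "path": parts.path or None}


def build_iocs(configs=EXTRACTED_CONFIGS) -> list:
    iocs = []
    for cfg in configs:
        for raw in cfg["c2"]:
            ioc = parse_c2(raw)
            ioc.update(family=cfg["family"], raw=raw)
            iocs.append(ioc)
    return iocs


def match_flow(iocs, dst_ip: str, dst_port: int, uri=None) -> list:
    """Return the IOCs one connection record matches, with a confidence tag.

    host+port  host and port both came from the config
    host+path  HTTP request to the configured host whose URI starts with the path
    host       only the address matched (conn log without a URI, or no port in
               the config): weaker evidence, pivot to the HTTP or proxy log
    """
    hits = []
    for ioc in iocs:
        if ioc["host"] != dst_ip:
            continue
        if ioc["port"] is not None and ioc["port"] != dst_port:
            continue
        if ioc["path"] is not None and uri is not None and not uri.startswith(ioc["path"]):
            continue
        if ioc["port"] is not None:
            confidence = "host+port"
        elif ioc["path"] is not None and uri is not None:
            confidence = "host+path"
        else:
            confidence = "host"
        hits.append({"family": ioc["family"], "raw": ioc["raw"], "confidence": confidence})
    return hits


def scan_flows(iocs, flows) -> list:
    """Run match_flow over a list of records; returns (record index, family, confidence)."""
    out = []
    for i, flow in enumerate(flows):
        for hit in match_flow(iocs, flow["dst_ip"], flow["dst_port"], flow.get("uri")):
            out.append((i, hit["family"], hit["confidence"]))
    return out


# Constructed connection records (not from the sandbox run), in the shape a proxy
# or Zeek conn/http log gives after field extraction. 192.0.2.10 is TEST-NET-1.
SAMPLE_FLOWS = [
    {"dst_ip": "5.42.92.67", "dst_port": 80, "uri": "/norm/index.php"},
    {"dst_ip": "5.42.92.67", "dst_port": 80, "uri": None},        # conn log only
    {"dst_ip": "77.91.124.156", "dst_port": 19071, "uri": None},
    {"dst_ip": "77.91.124.156", "dst_port": 443, "uri": None},    # same host, other port
    {"dst_ip": "192.0.2.10", "dst_port": 443, "uri": "/"},        # unrelated traffic
]

if __name__ == "__main__":
    for idx, family, confidence in scan_flows(build_iocs(), SAMPLE_FLOWS):
        print(idx, SAMPLE_FLOWS[idx]["dst_ip"], family, confidence)
```

The host-only tier exists because the Amadey entry carries no port: blocking or alerting on 5.42.92.67 alone is reasonable, but attributing a hit to Amadey should wait for the /norm/index.php request in HTTP telemetry. The RedLine entry is the opposite case: a connection to 77.91.124.156 on any port other than 19071 is not matched, so a port change in a later build would need a config refresh.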
Targets
Target: e49c4b2313b6777965a74c5c209701006224b3c9f9d198aa19ee5326dfb6b702exe_JC.exe
Size: 517KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Scheduled Task/Job (T1053): 1
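Each persistence entry in the matrix corresponds to a small number of host events: a value written under a Run key, a schtasks /create, and a service being created through sc.exe or by writing an ImagePath value under the Services key. The Python below is an added example, not part of the report or of the sandbox: it classifies Sysmon-style events (field names as Sysmon emits them, EventID 1 for process creation and 13 for a registry value being set) into the ATT&CK v13 technique IDs for the entries above and counts them the way the matrix does. The events are constructed for the example and the file names are placeholders; the report does not list the dropped files, so nothing here should be read as the sample's real paths.

```python
import re
from collections import Counter

# ATT&CK v13 IDs for the persistence entries in the report's matrix.
TECHNIQUES = {
    "T1547.001": "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder",
    "T1053.005": "Scheduled Task/Job: Scheduled Task",
    "T1543.003": "Create or Modify System Process: Windows Service",
}

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_KEY = re.compile(
    r"\\System\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)
SCHTASKS = re.compile(r"(^|\\)schtasks(\.exe)?$", re.I)
SC_EXE = re.compile(r"(^|\\)sc(\.exe)?$", re.I)


def classify(evt: dict) -> set:
    """Map one Sysmon-style event to the technique IDs it evidences (possibly none)."""
    ids = set()
    eid = evt.get("EventID")
    if eid == 13:  # RegistryEvent: value set
        target = evt.get("TargetObject", "")
        if RUN_KEY.search(target):
            ids.add("T1547.001")
        if SERVICE_KEY.search(target):
            ids.add("T1543.003")
    elif eid == 1:  # ProcessCreate
        image = evt.get("Image", "")
        cmd = evt.get("CommandLine", "").lower()
        if SCHTASKS.search(image) and "/create" in cmd:
            ids.add("T1053.005")
        if SC_EXE.search(image) and re.search(r"\bcreate\b", cmd):
            ids.add("T1543.003")
    return ids


def triage(events) -> dict:
    """Count technique hits over an event stream and keep the evidence per technique."""
    counts = Counter()
    evidence = {}
    for evt in events:
        for tid in classify(evt):
            counts[tid] += 1
            evidence.setdefault(tid, []).append(evt.get("TargetObject") or evt.get("CommandLine"))
    return {"counts": dict(counts), "evidence": evidence}


# Constructed events (not from the sandbox run). The first event, the dropped file
# being executed from %TEMP%, is what the "Executes dropped EXE" signature covers;
# it is not itself a persistence technique and classifies to nothing here.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "CommandLine": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /tn "updater" /tr "C:\Users\user\AppData\Local\Temp\dropped.exe" /sc minute /mo 1'},
    {"EventID": 1, "Image": r"C:\Windows\System32\sc.exe",
     "CommandLine": r"sc create svc binPath= C:\Users\user\AppData\Local\Temp\dropped.exe start= auto"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop"},
]

if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    for tid, n in summary["counts"].items():
        print(f"{tid} {TECHNIQUES[tid]}: {n}")
        for item in summary["evidence"][tid]:
            print("   ", item)
```

Two design points: the registry rules match on the key path rather than on the writing process, because Run-key and ImagePath writes are the durable artefacts regardless of which dropped binary made them; and the sc.exe rule requires the word `create` so that routine `sc query` or `sc config` calls from administration scripts do not count as T1543.003.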