General
Target: ee4c5daa2e1992d339be9e9a69726641952127dfc0c4a74b695e720fd8f2c548exe_JC.exe
Size: 517KB
Sample: 230814-vd57cadg38
MD5: f4bd5ddc6e00c1e058986213c4fd6e33
SHA1: 7c9de8f89c9fb0dcbc03a90bc4cc10c94919b813
SHA256: ee4c5daa2e1992d339be9e9a69726641952127dfc0c4a74b695e720fd8f2c548
SHA512: ae628623476ca9572d6ad0e931119c35ca8641eaa97f218fcab72c6cce99299a261502b181f21a76e974d9844ae9562cbd4d47deacc8cd62a5c7502768bcb207
SSDEEP: 12288:NMr5y90Ml54C6YmdDtP4TgBYCQJJtlaA94:8yx54RjP7zcRBa
Static task: static1
Behavioral task: behavioral1
  Sample: ee4c5daa2e1992d339be9e9a69726641952127dfc0c4a74b695e720fd8f2c548exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: ee4c5daa2e1992d339be9e9a69726641952127dfc0c4a74b695e720fd8f2c548exe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted
  Family: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted
  Family: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  Attributes: auth_value = 325a615d8be5db8e2f7a4c2448fdac3a
Targets
Target: ee4c5daa2e1992d339be9e9a69726641952127dfc0c4a74b695e720fd8f2c548exe_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1)
    Windows Service (1)
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)