General
Target: f94dbf2a0e70d9cb1b0438d4801355633798312568cf894ba69c7a2235f78cd3exe_JC.exe
Size: 517KB
Sample: 230815-t9gcesea6s
MD5: f33dadf4b5c96340903685b6f5bebb22
SHA1: 06b387672c8602c705b2368b211d6588592ffd55
SHA256: f94dbf2a0e70d9cb1b0438d4801355633798312568cf894ba69c7a2235f78cd3
SHA512: c891d17d61409ebfa1ab67f951496d8509495002f62a10445382d76cffc0669960682c1ecf4ed43e8930ee07f392b1cf23814a98bb19605d60fa514b11dec534
SSDEEP: 12288:9MrTy90mAUu/t+UgdaccWU7/g4cMoa5PM7db0MKMNe:Sy4sbdncWJDMoa5PM7F0MJe
Static task: static1
Behavioral task: behavioral1
  Sample: f94dbf2a0e70d9cb1b0438d4801355633798312568cf894ba69c7a2235f78cd3exe_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: f94dbf2a0e70d9cb1b0438d4801355633798312568cf894ba69c7a2235f78cd3exe_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  Version: 3.86
  C2: 5.42.92.67/norm/index.php
Extracted: redline
  Botnet: papik
  C2: 77.91.124.156:19071
  auth_value: 325a615d8be5db8e2f7a4c2448fdac3a
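Turning the extracted configuration and file hashes into detection logic, as an added example that is not part of this sandbox report: the hash and C2 values are copied from the report; the proxy/flow log layout ("<ts> <src> <dst>:<port> [<method> <url>]") and the log lines are constructed for illustration and are assumptions. A connection to a C2 IP alone is reported with medium confidence; the Amadey URL path or the RedLine port raises it to high.

```python
"""Detection logic built from the extracted configuration above.

Added example; it is not part of the sandbox report. The hash and C2 values are
copied from the report. The log lines and the log layout ("<ts> <src> <dst>:<port>
[<method> <url>]") are constructed for illustration and are an assumption.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# File indicators copied from the report.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "f33dadf4b5c96340903685b6f5bebb22",
    "sha1": "06b387672c8602c705b2368b211d6588592ffd55",
    "sha256": "f94dbf2a0e70d9cb1b0438d4801355633798312568cf894ba69c7a2235f78cd3",
    "sha512": "c891d17d61409ebfa1ab67f951496d8509495002f62a10445382d76cffc0669960682c1ecf4ed43e8930ee07f392b1cf23814a98bb19605d60fa514b11dec534",
}

# Network indicators from the extracted configs: (family, host, port, url_path).
# Amadey's C2 is given as an HTTP URL without a port; RedLine's as host:port.
C2_INDICATORS: List[Tuple[str, str, Optional[int], Optional[str]]] = [
    ("amadey", "5.42.92.67", None, "/norm/index.php"),
    ("redline", "77.91.124.156", 19071, None),
]


@dataclass(frozen=True)
class Hit:
    family: str
    line_no: int
    confidence: str  # "high" when port or URL path corroborates the IP match
    reason: str


# Assumed (constructed) log layout; the method/URL part is optional so plain
# flow records without an HTTP layer also parse.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)"
    r"(?:\s+(?P<method>[A-Z]+)\s+(?P<url>\S+))?\s*$"
)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digests the report lists, for comparison."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(alg for alg, val in digests.items()
                  if SAMPLE_HASHES.get(alg) == val.lower())


def find_c2_hits(lines: Iterable[str]) -> List[Hit]:
    """Scan log lines for traffic to the extracted C2 endpoints."""
    hits: List[Hit] = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash
        dst, port, url = m["dst"], int(m["port"]), m["url"] or ""
        for family, host, c2_port, c2_path in C2_INDICATORS:
            if dst != host:
                continue
            corroboration = []
            if c2_port is not None and port == c2_port:
                corroboration.append(f"port {port}")
            if c2_path is not None and c2_path in url:
                corroboration.append(f"path {c2_path}")
            confidence = "high" if corroboration else "medium"
            reason = "; ".join([f"dst {dst}"] + corroboration)
            hits.append(Hit(family, line_no, confidence, reason))
    return hits


# Constructed sample log: one benign line, one Amadey check-in, one RedLine
# session, one connection to the RedLine host on an unexpected port, one junk line.
SAMPLE_LOG = [
    "2023-08-15T10:00:01Z 10.0.0.5 203.0.113.10:443 GET https://example.com/",
    "2023-08-15T10:00:07Z 10.0.0.5 5.42.92.67:80 POST http://5.42.92.67/norm/index.php",
    "2023-08-15T10:00:09Z 10.0.0.5 77.91.124.156:19071",
    "2023-08-15T10:00:12Z 10.0.0.5 77.91.124.156:443 GET https://77.91.124.156/",
    "malformed line",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.family} [{hit.confidence}] {hit.reason}")
    print("hash match on random bytes:", match_hashes(hash_bytes(b"not the sample")))
```

Hash matching only catches this exact build; the C2 indicators survive repacking of the dropper and are the more durable signal, which is why the confidence scoring favours corroborated network hits over a bare IP match.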
Targets
Target: f94dbf2a0e70d9cb1b0438d4801355633798312568cf894ba69c7a2235f78cd3exe_JC.exe (517KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Triggered signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)