General
Target: e5f5dd1351fc046439bb7d556519711007fcef1ed039653d6f5b22f60053449e
Size: 831KB
Sample: 230819-nehn4shc79
MD5: 277e4c316af1a20ec91554b9dea65a15
SHA1: 0dbcb78e62ad0479e53677cbbe112c5a35366efa
SHA256: e5f5dd1351fc046439bb7d556519711007fcef1ed039653d6f5b22f60053449e
SHA512: c9a72e12aa7498d76666209931c9ef89adb532ccabb7f62edadd5d0c0fb2a209d30dd84faafb71a7757760440008dcdaccfaf2282043a9361224d745f8000371
SSDEEP: 24576:9y+ZHpwITkr3DLgJXl7WUK+VG8nfnOMjtu:Y0Wr3XuXlSUK+VGSOI
Static task: static1
Behavioral task: behavioral1
Sample: e5f5dd1351fc046439bb7d556519711007fcef1ed039653d6f5b22f60053449e.exe
Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  S-%lu-
  77.91.68.18/nice/index.php
  3.87/nice/index.php
Extracted: redline
  dugin
  77.91.124.73:19071
  auth_value: 7c3e46e091100fd26a6076996d374c28
Targets
Target: e5f5dd1351fc046439bb7d556519711007fcef1ed039653d6f5b22f60053449e
Size: 831KB
MD5: 277e4c316af1a20ec91554b9dea65a15
SHA1: 0dbcb78e62ad0479e53677cbbe112c5a35366efa
SHA256: e5f5dd1351fc046439bb7d556519711007fcef1ed039653d6f5b22f60053449e
SHA512: c9a72e12aa7498d76666209931c9ef89adb532ccabb7f62edadd5d0c0fb2a209d30dd84faafb71a7757760440008dcdaccfaf2282043a9361224d745f8000371
SSDEEP: 24576:9y+ZHpwITkr3DLgJXl7WUK+VG8nfnOMjtu:Y0Wr3XuXlSUK+VGSOI
Signatures
Detects Healer, an antivirus disabler dropper
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)