General

Target: d26083be1c736486aa6c28d002cf9a8967d2154c3f688121d451f1e2fc659108
Size: 705KB
Sample: 230822-1923fsfg58
MD5: 195d4335993a59b2827ee1b7a89215f3
SHA1: 614a0778ac0be4f5081ae0836a159a9f32e9c0aa
SHA256: d26083be1c736486aa6c28d002cf9a8967d2154c3f688121d451f1e2fc659108
SHA512: ba7fbdd56a92a952b8d7e8b556d239d560e54284b2262d36729a9364d25244d1186b910be9dd38bff2de7ed83743896ef68b7196531490315a2f746fee68c852
SSDEEP: 12288:vMrZy90oSHsCepqUp1Z/fgFR6axeKn5JPlMnWxtGR0wvuGdFIJ0I9:GyCsZPp1ZXg/6axeKn5d2nYt5VGdFIJL
Static task: static1
Behavioral task: behavioral1
Sample: d26083be1c736486aa6c28d002cf9a8967d2154c3f688121d451f1e2fc659108.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
ID string: S-%lu-
C2: 77.91.68.18/nice/index.php
C2: 3.87/nice/index.php

Extracted: redline
Botnet: rota
C2: 77.91.124.73:19071
auth_value: 320c7daa59eb9b82e20a15162392a756
Targets

Target: d26083be1c736486aa6c28d002cf9a8967d2154c3f688121d451f1e2fc659108
Size: 705KB
MD5: 195d4335993a59b2827ee1b7a89215f3
SHA1: 614a0778ac0be4f5081ae0836a159a9f32e9c0aa
SHA256: d26083be1c736486aa6c28d002cf9a8967d2154c3f688121d451f1e2fc659108
SHA512: ba7fbdd56a92a952b8d7e8b556d239d560e54284b2262d36729a9364d25244d1186b910be9dd38bff2de7ed83743896ef68b7196531490315a2f746fee68c852
SSDEEP: 12288:vMrZy90oSHsCepqUp1Z/fgFR6axeKn5JPlMnWxtGR0wvuGdFIJ0I9:GyCsZPp1ZXg/6axeKn5d2nYt5VGdFIJL
Signatures

Detects Healer, an antivirus disabler dropper
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Scheduled Task/Job (1)