f997fc9407991062241af5442395f248.exe

General
Target

f997fc9407991062241af5442395f248.exe

Size

623KB

Sample

211220-xs8bcscdhp

Score
10 /10
MD5

f997fc9407991062241af5442395f248

SHA1

65e35087a12acb4e7cf06fefd944c812300c53ef

SHA256

aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623

SHA512

32d9b1c9c08085d803979d472b7a8f20e4e710c2fc9113abb6126116d5e693d7d7f3183d11ecae01e504c30c3bc9b79ad88448574e7c9e78c7f0ce0516a70d7b

Malware Config

Extracted

Family redline
Botnet runpe
C2

142.202.242.172:7667

Extracted

Family amadey
Version 2.86
C2

2.56.56.210/notAnoob/index.php

Targets
Target

f997fc9407991062241af5442395f248.exe

MD5

f997fc9407991062241af5442395f248

Filesize

623KB

Score
10/10
SHA1

65e35087a12acb4e7cf06fefd944c812300c53ef

SHA256

aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623

SHA512

32d9b1c9c08085d803979d472b7a8f20e4e710c2fc9113abb6126116d5e693d7d7f3183d11ecae01e504c30c3bc9b79ad88448574e7c9e78c7f0ce0516a70d7b

Tags

Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    Tags

  • Detect Neshta Payload

  • Modifies system executable filetype association

    Tags

    TTPs

    Modify RegistryChange Default File Association
  • Neshta

    Description

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    Tags

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation