f997fc9407991062241af5442395f248.exe

Target

Size

623KB

Sample

211220-xs8bcscdhp

Score

10 ^/10

MD5

f997fc9407991062241af5442395f248

SHA1

65e35087a12acb4e7cf06fefd944c812300c53ef

SHA256

aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623

SHA512

32d9b1c9c08085d803979d472b7a8f20e4e710c2fc9113abb6126116d5e693d7d7f3183d11ecae01e504c30c3bc9b79ad88448574e7c9e78c7f0ce0516a70d7b

Extracted

Family	redline
Botnet	runpe
C2	142.202.242.172:7667 142.202.242.172:7667

Extracted

Family	amadey
Version	2.86
C2	2.56.56.210/notAnoob/index.php 2.56.56.210/notAnoob/index.php

Target

f997fc9407991062241af5442395f248.exe

MD5

f997fc9407991062241af5442395f248

Filesize

623KB

Score

10^/10

SHA1

65e35087a12acb4e7cf06fefd944c812300c53ef

SHA256

aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623

SHA512

32d9b1c9c08085d803979d472b7a8f20e4e710c2fc9113abb6126116d5e693d7d7f3183d11ecae01e504c30c3bc9b79ad88448574e7c9e78c7f0ce0516a70d7b

Signatures

Amadey
Description

Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
Tags

trojan amadey
Detect Neshta Payload
Modifies system executable filetype association
Tags

persistence

TTPs

Modify RegistryChange Default File Association
Neshta
Description

Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
Tags

persistence spyware neshta
RedLine
Description

RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Tags

infostealer redline
RedLine Payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Tags

spyware

TTPs

Data from Local SystemCredentials in Files
Checks installed software on the system
Description

Looks up Uninstall key entries in the registry to enumerate software on the system.
Tags

discovery

TTPs

Query Registry

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Change Default File Association

Privilege Escalation

static1

behavioral1

amadey neshta redline runpe discovery infostealer persistence spyware stealer trojan

10^/10

behavioral2

amadey neshta redline runpe discovery infostealer persistence spyware stealer trojan

10^/10

Extracted

Extracted

Tags

Signatures

Amadey

Description

Tags

Detect Neshta Payload

Modifies system executable filetype association

Tags

TTPs

Neshta

Description

Tags

RedLine

Description

Tags

RedLine Payload

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses cryptocurrency files/wallets, possible credential harvesting

Tags

TTPs

Checks installed software on the system

Description

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2