General
Target: f541905108ebcbaf2a2be59c7349482f63178e1f3f082749f95570c2e6cdac49
Size: 181KB
Sample: 221107-f14vgaace6
MD5: d9c2dc31c385ac4da18aff1fe645ed62
SHA1: 4707c0b090eb6896f3294100e2dd6f9bf86778fc
SHA256: f541905108ebcbaf2a2be59c7349482f63178e1f3f082749f95570c2e6cdac49
SHA512: 254f27912333e2235ba187c9212ba81edc9bed484c9d319359220080ea42b1b5a8d7c6679287bf12c52d0bee4cfdd2003d8ff99b4c71f348d685ab36d012a533
SSDEEP: 3072:SHmj8KyG5BHLkRDhsL5Xti4r7mcbN+vj+WDTATxY7:Si8dG5JLOhAMYVbNC6WY
Static task: static1
Behavioral task: behavioral1
Sample: f541905108ebcbaf2a2be59c7349482f63178e1f3f082749f95570c2e6cdac49.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted:
  Family: redline
  Botnet: Google2
  C2: 167.235.71.14:20469
  auth_value: fb274d9691235ba015830da570a13578
Targets
Target: f541905108ebcbaf2a2be59c7349482f63178e1f3f082749f95570c2e6cdac49
- Detects Smokeloader packer
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext