General
-
Target
5ba7ff89a3887877e42f64edd509686f5e0920d5b5c2b1de219014b771810288
-
Size
233KB
-
Sample
221125-nqerladh54
-
MD5
4149b7ced64c1cb7517446aab862ceed
-
SHA1
aacbf47e0f15775f3c35b4c0cd39861534bb4559
-
SHA256
5ba7ff89a3887877e42f64edd509686f5e0920d5b5c2b1de219014b771810288
-
SHA512
cae9f023f97ee98d50fcd4d1a04f7c913c9e37bf85f1ee57f847dfcc3e11fce1c67dd74d571e0f9786150b55bc9ddecdbdba23efee50885815e142fa4f654170
-
SSDEEP
6144:G5FBs/1/P03oPswvDwJwohllMN+bW3VCf:GzB+9P0YPsw7wxhjXbWlCf
Malware Config
Extracted
amadey
3.50
193.56.146.174/g84kvj4jck/index.php
Extracted
redline
ritchshit
94.103.183.33:80
-
auth_value
98c1a18edcc6e04afa19a0ee3b16a6e2
Targets
-
-
Target
5ba7ff89a3887877e42f64edd509686f5e0920d5b5c2b1de219014b771810288
-
Size
233KB
-
MD5
4149b7ced64c1cb7517446aab862ceed
-
SHA1
aacbf47e0f15775f3c35b4c0cd39861534bb4559
-
SHA256
5ba7ff89a3887877e42f64edd509686f5e0920d5b5c2b1de219014b771810288
-
SHA512
cae9f023f97ee98d50fcd4d1a04f7c913c9e37bf85f1ee57f847dfcc3e11fce1c67dd74d571e0f9786150b55bc9ddecdbdba23efee50885815e142fa4f654170
-
SSDEEP
6144:G5FBs/1/P03oPswvDwJwohllMN+bW3VCf:GzB+9P0YPsw7wxhjXbWlCf
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-