General
-
Target
c75bab2c86b7b5056c46b87ada43d74b877404b41f296785ca898c9f31618d22
-
Size
742KB
-
Sample
230217-ahp1pscd4x
-
MD5
c09cb9624c912e0ebd1d8f07e3ab5eca
-
SHA1
42fd45dac61e34e4574500e3e6db865f49463cbf
-
SHA256
c75bab2c86b7b5056c46b87ada43d74b877404b41f296785ca898c9f31618d22
-
SHA512
66c72338478b016faa93e4c3de1a916c2bc54e0bbbe3a192c9666e41cdfe49bda1a5e9114775ff3d31e4210e9cdbb62b1e9ee70c5554995f7c01e9b4147032cc
-
SSDEEP
12288:iMrsy90TB8egnkXzi9uBTQxMHDJKH/LD/miadtvZUoRU6IkITH/Bkii57:yysB8dCyETIDih6oRU6IFM7
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Extracted
amadey
3.66
193.233.20.4/t6r48nSa/index.php
Targets
-
-
Target
c75bab2c86b7b5056c46b87ada43d74b877404b41f296785ca898c9f31618d22
-
Size
742KB
-
MD5
c09cb9624c912e0ebd1d8f07e3ab5eca
-
SHA1
42fd45dac61e34e4574500e3e6db865f49463cbf
-
SHA256
c75bab2c86b7b5056c46b87ada43d74b877404b41f296785ca898c9f31618d22
-
SHA512
66c72338478b016faa93e4c3de1a916c2bc54e0bbbe3a192c9666e41cdfe49bda1a5e9114775ff3d31e4210e9cdbb62b1e9ee70c5554995f7c01e9b4147032cc
-
SSDEEP
12288:iMrsy90TB8egnkXzi9uBTQxMHDJKH/LD/miadtvZUoRU6IkITH/Bkii57:yysB8dCyETIDih6oRU6IFM7
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-