General

  • Target

    de9a4b970ddaa6abecf77140151f797b.bin

  • Size

    588KB

  • Sample

    230312-ck49hsec8t

  • MD5

    af22ac0ee91b06f83da7a8335fe22d5b

  • SHA1

    1724fe3341e2eaa3b6192da2ad4a5c296890b670

  • SHA256

    c571d1f758417f2ff129af391db108eaf6e502570312db09e9018864817da6e5

  • SHA512

    d7459a47ad0352343493e00959fcd93064f253f36b033c1c0c4039e821311caeee874b0dfe345eed422aecab82a442830e86df19f28092c839dd110377191c16

  • SSDEEP

    12288:B3l/cyuLL8cfu8upqsXgAnAvjePsP+3vtBDCWT9hEP6rY:bkhwc3YnA7Yf9CWB6P6c

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dezik

  • C2

    193.56.146.220:4174

  • Attributes

    auth_value: d39f21dca8edc10800b036ab83f4d75e

Extracted

  • Family

    amadey

  • Version

    3.68

  • C2

    31.41.244.200/games/category/index.php

Targets

    • Target

      b33660719be7af63e50ab5645bed266299a0942641020a63549f48ba39df35b4.exe

    • Size

      656KB

    • MD5

      de9a4b970ddaa6abecf77140151f797b

    • SHA1

      b26c1a00aa0d225545142b6329d7901cf70eb453

    • SHA256

      b33660719be7af63e50ab5645bed266299a0942641020a63549f48ba39df35b4

    • SHA512

      06d475127b7424ed30356db0657dbdc205dfb33a29b9a14ca85d1955e00ca379a1f767ec5c096c955cece85e6c1cdeff1e224d2d8cc1d9dfd5a0013445e2cc3c

    • SSDEEP

      12288:ypSQ5SDELBLNJC14u18ZXJXLWEIwqYwud151gpNFleHhpYnOKG:ypJuElLI4zZA5DYwud/2pMBpTp

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks