General
-
Target
1f8effb7353e4995a218c6b7430b8e1ce19851b57e1dbc844917574b1e9951f0
-
Size
1.2MB
-
Sample
230318-hw4d9adf4y
-
MD5
e9f387345bf390cdea92d5350942e172
-
SHA1
8bde7c405d31a39657f6ced027230e7251ee6901
-
SHA256
1f8effb7353e4995a218c6b7430b8e1ce19851b57e1dbc844917574b1e9951f0
-
SHA512
ce205626a8cf7cc4ce44b67d93ddfb063c6e51c5846d5d2b195283390554d4762d2a75c91763750ef6f2509bf0a441d3ec3e4c2e4daf26b5da223cf830d19006
-
SSDEEP
24576:T3fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:TISfBnyXAPFQis
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
laba
193.233.20.28:4125
-
auth_value
2cf01cffff9092a85ca7e106c547190b
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
1f8effb7353e4995a218c6b7430b8e1ce19851b57e1dbc844917574b1e9951f0
-
Size
1.2MB
-
MD5
e9f387345bf390cdea92d5350942e172
-
SHA1
8bde7c405d31a39657f6ced027230e7251ee6901
-
SHA256
1f8effb7353e4995a218c6b7430b8e1ce19851b57e1dbc844917574b1e9951f0
-
SHA512
ce205626a8cf7cc4ce44b67d93ddfb063c6e51c5846d5d2b195283390554d4762d2a75c91763750ef6f2509bf0a441d3ec3e4c2e4daf26b5da223cf830d19006
-
SSDEEP
24576:T3fA/X9x8NfB7bCvJpAaUQMz5itmXaZH/BV:TISfBnyXAPFQis
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-