General
-
Target
357399f99a38cbc0cd7f883ed785751f291157071d787cf1c8a1a1dd6d0c1b10
-
Size
1009KB
-
Sample
230324-myrwfsfh4v
-
MD5
82ad99c71091a4339a27475536ce8ad5
-
SHA1
1bf1c05b2f823ff986992b59ce80b05534362c0e
-
SHA256
357399f99a38cbc0cd7f883ed785751f291157071d787cf1c8a1a1dd6d0c1b10
-
SHA512
01cdd8fa74c6589345585faadfd34c9b7f55d479bbcab2f20796f91ef681c4aef587e22d2e54e916737369564ae2111ea3ee8e5530968092a246afca53a00c4a
-
SSDEEP
24576:1ylt3pmr0DzDxJ5Rk5rgiUaKQQbYdKP2p/lhX:QlV40DXw5r89MKPklh
Malware Config
Extracted
redline
down
193.233.20.31:4125
-
auth_value
12c31a90c72f5efae8c053a0bd339381
Extracted
redline
roxi
193.233.20.31:4125
-
auth_value
9d8be78c896acc3cf8b8a6637a221376
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
357399f99a38cbc0cd7f883ed785751f291157071d787cf1c8a1a1dd6d0c1b10
-
Size
1009KB
-
MD5
82ad99c71091a4339a27475536ce8ad5
-
SHA1
1bf1c05b2f823ff986992b59ce80b05534362c0e
-
SHA256
357399f99a38cbc0cd7f883ed785751f291157071d787cf1c8a1a1dd6d0c1b10
-
SHA512
01cdd8fa74c6589345585faadfd34c9b7f55d479bbcab2f20796f91ef681c4aef587e22d2e54e916737369564ae2111ea3ee8e5530968092a246afca53a00c4a
-
SSDEEP
24576:1ylt3pmr0DzDxJ5Rk5rgiUaKQQbYdKP2p/lhX:QlV40DXw5r89MKPklh
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-