General
-
Target
9d42e0b24dc22b84b6892424d111f8fb.bin
-
Size
967KB
-
Sample
230326-b63gdafb45
-
MD5
b7562da448800d86bc6be68a80da8ece
-
SHA1
805134a27789ba7567029ddf2338f7ae870ba10a
-
SHA256
1071ca2292e07693b117c0eabe2f089967471bb8b8700ea976f5dec9355e28f4
-
SHA512
40215b341aea07fa00b6a6f97bd0891d050fe0a3a757bd5a14b27fbec89c6daac717c76f515dfcee9a15fb45e3efa2fe793757c68ec39030d5cca3a533692e45
-
SSDEEP
24576:3pxKsylI0Bo+jUgYIivGtdiTO7/qzVmcCN5hATdF:3pxK/No+zYNuH6O76mxDh8F
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
nerv
193.233.20.32:4125
-
auth_value
e383fe5545fbf9f612ad8eee12544595
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
be5bf2f44aa3686c00a4f1c337f4a605422bb1f6ac5b94180223ca0df4478273.exe
-
Size
1011KB
-
MD5
9d42e0b24dc22b84b6892424d111f8fb
-
SHA1
eb00ab34d5b34c11fbd8cc7bd9359388183d6aa8
-
SHA256
be5bf2f44aa3686c00a4f1c337f4a605422bb1f6ac5b94180223ca0df4478273
-
SHA512
b3db51158f619f96b7603aa3e3af3d5dd27a4ce6dd7ad072dd2b919089fa4a1e3db36cc8374c0d0981cc56af834f08d6919c082a79570078c8d98e380072d1a8
-
SSDEEP
24576:HyXNL6IPv4Uz3uOnxsjhUuR1la4VQ7XJ:SXF6I4Uz3u0xsjtRe77X
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-