General
-
Target
5c31214bdcb3c90bfdb80fd721a920456ee5b79cc86350ac67aaaa70254a71c3
-
Size
1.0MB
-
Sample
230326-cvfnxafc34
-
MD5
76e3c8e3fda0da44f54e26b0fbff26cb
-
SHA1
45433e51d96422884f8e5999b677c1e183345ed6
-
SHA256
5c31214bdcb3c90bfdb80fd721a920456ee5b79cc86350ac67aaaa70254a71c3
-
SHA512
a067c10da35d26173bacddaefc366426e3c174b69c6c4c945e1344c729bb98b2d964e956f87036c5b52a553b3983ff5185ddfdfc5bdd912f7466587bdd475c21
-
SSDEEP
24576:eyXm5z89rKPW0q4ThIaEo7423SiOKdGI2J:t8A0q3aFc23AmG
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Extracted
redline
netu
193.233.20.32:4125
-
auth_value
9641925ae487005582b5cf30476dd305
Extracted
amadey
3.68
62.204.41.87/joomla/index.php
Targets
-
-
Target
5c31214bdcb3c90bfdb80fd721a920456ee5b79cc86350ac67aaaa70254a71c3
-
Size
1.0MB
-
MD5
76e3c8e3fda0da44f54e26b0fbff26cb
-
SHA1
45433e51d96422884f8e5999b677c1e183345ed6
-
SHA256
5c31214bdcb3c90bfdb80fd721a920456ee5b79cc86350ac67aaaa70254a71c3
-
SHA512
a067c10da35d26173bacddaefc366426e3c174b69c6c4c945e1344c729bb98b2d964e956f87036c5b52a553b3983ff5185ddfdfc5bdd912f7466587bdd475c21
-
SSDEEP
24576:eyXm5z89rKPW0q4ThIaEo7423SiOKdGI2J:t8A0q3aFc23AmG
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-