General
- Target: 8792921fdc7167ad581482854935454759f2db159758e866f9822df12c06f18e
- Size: 1.0MB
- Sample: 230326-ynk6psbg5w
- MD5: cda95507f1b89b6db0ee8c9f343144b0
- SHA1: da7731c746cb0e9551b3c10fd68e920d2c0d7172
- SHA256: 8792921fdc7167ad581482854935454759f2db159758e866f9822df12c06f18e
- SHA512: b35e88b9341c8c7dca8093c002aa75fe7aadd17bc34420b0493ad8340e7e728cc3921fbdb89bf8700ce37c8fa03c263b44eb66ee56f11f4fe70f0a35d2d4d775
- SSDEEP: 24576:Sy8aj6dE1gePq38IV9QT0Aiaug1GhgXxrIy7o:58a3UtQwA9uOGWm
Static task: static1
Malware Config
Extracted: redline
- sony
- 193.233.20.33:4125
- auth_value: 1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted: redline
- reiv
- 193.233.20.33:4125
- auth_value: 5e0113277ad2cf97a9b7e175007f1c55
Extracted: amadey
- 3.68
- 31.41.244.200/games/category/index.php
Targets
- Target: 8792921fdc7167ad581482854935454759f2db159758e866f9822df12c06f18e
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.