General
-
Target
1d8e948bf0a9c13677ef1f27daeaea98.bin
-
Size
988KB
-
Sample
230328-bk3v1saa6y
-
MD5
8b12e6b2084a71ca9822c3b285a762e4
-
SHA1
5fd019d2e5e3975860abb48edadd3db3a86f9639
-
SHA256
f3557804a8d949bc67c3115c00c6a1ecb05432ec1d07b81b0d2f70a519928d80
-
SHA512
8250de8686016e3bf9d81922c8161546069a09eeabd83a49ec2391c728ec5a01d3c37a17f7001dfa240572421a37182b5b732490eaad92eeefb78c45487b8fa1
-
SSDEEP
24576:uCVKIdujoq4W8xiKYUlfZsW/uNBB2rG6yN/inyEP:uFxjt4WT/+VS72rGBEnZP
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
reiv
193.233.20.33:4125
-
auth_value
5e0113277ad2cf97a9b7e175007f1c55
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
13b5ef24472eb8dcdb12adb23ea8cbd08285ac279fd1246aceb4b8adfcaa30ac.exe
-
Size
1.0MB
-
MD5
1d8e948bf0a9c13677ef1f27daeaea98
-
SHA1
5f157517268b9d13d0f27334211a4baa0102204d
-
SHA256
13b5ef24472eb8dcdb12adb23ea8cbd08285ac279fd1246aceb4b8adfcaa30ac
-
SHA512
f2d2e11fe2a85b023b9d350dafdd9fcee9dfb40022030ba24af712b890b670cbf4572f74a3272bc095e7ea17978fd108e300b0073cb05cf0856a77741c03fc14
-
SSDEEP
24576:JyXOMGY+JH6rv2upI09QZs5I8SIqVru8aH1GTWrDf/iWeBBk:8yXJH6reurQZ8PqVqlVGCrDf/iWeB
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-