Overview

overview

10

Static

static

1

13b5ef2447...ac.exe

windows7-x64

10

13b5ef2447...ac.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d8e948bf0a9c13677ef1f27daeaea98.bin

  • Size

    988KB

  • Sample

    230328-bk3v1saa6y

  • MD5

    8b12e6b2084a71ca9822c3b285a762e4

  • SHA1

    5fd019d2e5e3975860abb48edadd3db3a86f9639

  • SHA256

    f3557804a8d949bc67c3115c00c6a1ecb05432ec1d07b81b0d2f70a519928d80

  • SHA512

    8250de8686016e3bf9d81922c8161546069a09eeabd83a49ec2391c728ec5a01d3c37a17f7001dfa240572421a37182b5b732490eaad92eeefb78c45487b8fa1

  • SSDEEP

    24576:uCVKIdujoq4W8xiKYUlfZsW/uNBB2rG6yN/inyEP:uFxjt4WT/+VS72rGBEnZP

Score
10/10
amadeyredlinereivsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

reiv

C2

193.233.20.33:4125

Attributes
  • auth_value

    5e0113277ad2cf97a9b7e175007f1c55

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

    • Target

      13b5ef24472eb8dcdb12adb23ea8cbd08285ac279fd1246aceb4b8adfcaa30ac.exe

    • Size

      1.0MB

    • MD5

      1d8e948bf0a9c13677ef1f27daeaea98

    • SHA1

      5f157517268b9d13d0f27334211a4baa0102204d

    • SHA256

      13b5ef24472eb8dcdb12adb23ea8cbd08285ac279fd1246aceb4b8adfcaa30ac

    • SHA512

      f2d2e11fe2a85b023b9d350dafdd9fcee9dfb40022030ba24af712b890b670cbf4572f74a3272bc095e7ea17978fd108e300b0073cb05cf0856a77741c03fc14

    • SSDEEP

      24576:JyXOMGY+JH6rv2upI09QZs5I8SIqVru8aH1GTWrDf/iWeBBk:8yXJH6reurQZ8PqVqlVGCrDf/iWeB

    Score
    10/10
    amadeyredlinereivsonydiscoveryevasioninfostealerpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks