General
-
Target
4252037a5918453642c6160143c906f7.bin
-
Size
979KB
-
Sample
230328-bs821aab2x
-
MD5
c1644cbfa601591682a65f5b4cf80752
-
SHA1
19a51eb9f9ed44702d5b6ebfcb655fcf327b68bb
-
SHA256
34bedc0a620ec2af4371f8facf6ca50b05839322eb6b8af6ede4f1e4162688cf
-
SHA512
cc2ffcb5dc99628c2c5ef3e790ea9558a472be21711ec5835fd96e8d292f7f68d605677522cd6933e5012fa044dd1fef1d07c281a58cb75a3dd50bbd3564d0a9
-
SSDEEP
24576:d1X4kC1Rrr/OpMa2XTj3Ac9LNCnFHo/u6cRN:dWLrr/O7E3AwYwlkN
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
reiv
193.233.20.33:4125
-
auth_value
5e0113277ad2cf97a9b7e175007f1c55
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
442383819053791fd1d20cfedff61e4ddd39257d4c7644f1ef5cdd9695a52a28.bin
-
Size
1023KB
-
MD5
4252037a5918453642c6160143c906f7
-
SHA1
a45397467231eb705ec646dd4c8fea40d4bc9d2d
-
SHA256
442383819053791fd1d20cfedff61e4ddd39257d4c7644f1ef5cdd9695a52a28
-
SHA512
f1ca8ea812c71c4bc0110d94c4f83f4cda8abb2ef7d3e7dac6e5449cd4b1fcfae0b7dce6a4e564a24509b36c64464cd0599a9978b03aa7632b0eb977d000281d
-
SSDEEP
24576:vyEePqIKghHeloLGx0FsNjOCMTMVKlQ0SACPXdoq:6jq32vLCusNmYuZ6W
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-