General
-
Target
f616eefd5bfdb6319b6314777d18cfcc.bin
-
Size
977KB
-
Sample
230329-b9h7xaec92
-
MD5
3d394defd2422e79305a3e2bdc5db4c8
-
SHA1
a05c6c292fc101461dc8c905170c40bc996a2b0f
-
SHA256
9c1f8cee987d83d3d95a937f3e8071a0b79ba98f03b7e9ce188d4138752323ae
-
SHA512
16bac902ec5d6e6ac4d9ccd720c40d2848ee5802219345e4175191f76ce7761fce29a28e9fe1caed7a0a4cca6583f8da6d0a94c0a2e0e11fb9cdd69d60746894
-
SSDEEP
24576:ED6Bmbc1Bljr5iMt+xwRSx8dMQSug9B9lbYN5sWyzLAKS:ED6Bmg1njr5Tol5QSJ1hYNNyzL3S
Malware Config
Extracted
redline
sony
193.233.20.33:4125
-
auth_value
1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
redline
gong
193.233.20.33:4125
-
auth_value
16950897b83de3bba9e4de36f06a8c05
Extracted
amadey
3.68
31.41.244.200/games/category/index.php
Targets
-
-
Target
cf88c19e1ed803ce213ffd1685f3cbdd787937c918a5dda0f0a2b33d62d18ee3.exe
-
Size
1021KB
-
MD5
f616eefd5bfdb6319b6314777d18cfcc
-
SHA1
c6f6ac1c9418b787cf3e06c1b8ccd737397f9704
-
SHA256
cf88c19e1ed803ce213ffd1685f3cbdd787937c918a5dda0f0a2b33d62d18ee3
-
SHA512
a908c0f41436b85419134c6ef0185e8f74d5382ec48d61fc99867850fb2a34b7e1569762e03d9a5c7a9613f899269f09de9e765bcf39a8a3315648bd83989b9f
-
SSDEEP
24576:fy2IEjzDoJ3CM0yMaBku1LXA/NNMQV2QbRI6nQvZ4V:q/ODoRCzayu1kDMyNQx
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-