General
-
Target
830dd8d33b55a1e19cf3c85e6caa807dba15efa3d5621e96d0ed8e7a6ba64e13
-
Size
981KB
-
Sample
230411-mebecsbg88
-
MD5
6ddfc1d39b8a5f77f7066896a9da6a5e
-
SHA1
b25f2f0673920f19251e0b84e5efa26b41590a5a
-
SHA256
830dd8d33b55a1e19cf3c85e6caa807dba15efa3d5621e96d0ed8e7a6ba64e13
-
SHA512
0f6027b41ba8680531e0b9f27cdc045fe54e0242d682530f67894f788a8111a90c939c2cc822a95209be414a4f72ec231a1f5a4869d3f690289b9854543eb55a
-
SSDEEP
24576:SyQk6e8oQMroZIeS3q9WhIUlv6aZZLQ7OYD9DXyRIp+:5dxoZIeSaE7lRuvNXy
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
amadey
3.70
77.91.124.207/plays/chapter/index.php
Extracted
redline
nord
176.113.115.145:4125
-
auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530
Targets
-
-
Target
830dd8d33b55a1e19cf3c85e6caa807dba15efa3d5621e96d0ed8e7a6ba64e13
-
Size
981KB
-
MD5
6ddfc1d39b8a5f77f7066896a9da6a5e
-
SHA1
b25f2f0673920f19251e0b84e5efa26b41590a5a
-
SHA256
830dd8d33b55a1e19cf3c85e6caa807dba15efa3d5621e96d0ed8e7a6ba64e13
-
SHA512
0f6027b41ba8680531e0b9f27cdc045fe54e0242d682530f67894f788a8111a90c939c2cc822a95209be414a4f72ec231a1f5a4869d3f690289b9854543eb55a
-
SSDEEP
24576:SyQk6e8oQMroZIeS3q9WhIUlv6aZZLQ7OYD9DXyRIp+:5dxoZIeSaE7lRuvNXy
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-