General
-
Target
e518d8ddcdc886900b22bf0b6563161dd980f2a03a77c1a26455f352e061283b
-
Size
843KB
-
Sample
230411-mtxadabh82
-
MD5
e1e9883721ea29739d642f23b415a830
-
SHA1
c603c6bbcbbffd76fb9bbefde629478da62f094a
-
SHA256
e518d8ddcdc886900b22bf0b6563161dd980f2a03a77c1a26455f352e061283b
-
SHA512
a9f8a50979f0b5ca0381a001556af7fdca9c1867ad173f487336a67fc653a0dba036dbccce5c1cc10cec90a1690b3b65ce56424a023d78b695d6ce6f19aacb0a
-
SSDEEP
12288:fMrGy902ay25Hyedqw3KoODYO+/rbdSslTwA1aqbP00N31SmBHXKz1:ZyPayGHyec2KzHerRSslczqbM0N3pE1
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
nahui
176.113.115.145:4125
-
auth_value
b9ed10946d21e28d58d0c72c535cde6f
Extracted
amadey
3.70
77.91.124.207/plays/chapter/index.php
Targets
-
-
Target
e518d8ddcdc886900b22bf0b6563161dd980f2a03a77c1a26455f352e061283b
-
Size
843KB
-
MD5
e1e9883721ea29739d642f23b415a830
-
SHA1
c603c6bbcbbffd76fb9bbefde629478da62f094a
-
SHA256
e518d8ddcdc886900b22bf0b6563161dd980f2a03a77c1a26455f352e061283b
-
SHA512
a9f8a50979f0b5ca0381a001556af7fdca9c1867ad173f487336a67fc653a0dba036dbccce5c1cc10cec90a1690b3b65ce56424a023d78b695d6ce6f19aacb0a
-
SSDEEP
12288:fMrGy902ay25Hyedqw3KoODYO+/rbdSslTwA1aqbP00N31SmBHXKz1:ZyPayGHyec2KzHerRSslczqbM0N3pE1
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-