General
-
Target
6bab6a647f9671bb681f238e9bad00d1bc392ac788c176271e8fad1a39cd5c98
-
Size
1.0MB
-
Sample
230414-ft86lsgc53
-
MD5
eb09bce5f8f5c2c6a3a6317d4ab82122
-
SHA1
9e04aaebc2bcb0dcce3a3e1cc6bb7f5f08465f06
-
SHA256
6bab6a647f9671bb681f238e9bad00d1bc392ac788c176271e8fad1a39cd5c98
-
SHA512
3d873b093c5c698c7921e865a5e5801ae751221502407cd606f41b047b6fa4250bb828f50439b217313f998af73ebb53400b225afda6ac323fa1c828d995be3c
-
SSDEEP
24576:ty+Ufbrc+tuJNvYlZI+G064fVuxwXDhPX+PSuOhUf:ILfbr376SVMwlvSg
Malware Config
Extracted
redline
lada
185.161.248.90:4125
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
redline
disa
185.161.248.90:4125
-
auth_value
93f8c4ca7000e3381dd4b6b86434de05
Targets
-
-
Target
6bab6a647f9671bb681f238e9bad00d1bc392ac788c176271e8fad1a39cd5c98
-
Size
1.0MB
-
MD5
eb09bce5f8f5c2c6a3a6317d4ab82122
-
SHA1
9e04aaebc2bcb0dcce3a3e1cc6bb7f5f08465f06
-
SHA256
6bab6a647f9671bb681f238e9bad00d1bc392ac788c176271e8fad1a39cd5c98
-
SHA512
3d873b093c5c698c7921e865a5e5801ae751221502407cd606f41b047b6fa4250bb828f50439b217313f998af73ebb53400b225afda6ac323fa1c828d995be3c
-
SSDEEP
24576:ty+Ufbrc+tuJNvYlZI+G064fVuxwXDhPX+PSuOhUf:ILfbr376SVMwlvSg
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-