General
Target: f51e74a4f10226607e001f2a2618be9e236f62bd34a8ac9a7889116e477ae23c
Size: 924KB
Sample: 230503-dg962afc5z
MD5: bcd921bbf4ea4a50404f698ce57a2046
SHA1: 5957cce20e34d46435058ae296844339857d9f4a
SHA256: f51e74a4f10226607e001f2a2618be9e236f62bd34a8ac9a7889116e477ae23c
SHA512: ed3b872586626a7545ea47c5b797efd1608f6ba34601fcb6532522de0fd001d847a0ce4568b4344763e6151f2c9edd8450ce396f182cf564d8244d30626073cb
SSDEEP: 24576:YybZZY5j6y1JXR/oS7fcR/W85x68Mt1qmlFm/Ug+C1k3yr:fVK6wXRh7UR/W85RMtYJW
Static task: static1
Behavioral task: behavioral1
Sample: f51e74a4f10226607e001f2a2618be9e236f62bd34a8ac9a7889116e477ae23c.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: redline
Botnet: lupa
C2: 217.196.96.56:4138
auth_value: fcb02fce9bc10c56a9841d56974bd7b8
Extracted family: amadey
Version: 3.70
C2: 212.113.119.255/joomla/index.php
Targets
Target: f51e74a4f10226607e001f2a2618be9e236f62bd34a8ac9a7889116e477ae23c (924KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
RedLine: RedLine Stealer is a malware family written in C#, first seen in early 2020.
Checks computer location settings: looks up the country code configured in the registry, most likely a geofence check.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets: possible credential harvesting.
Adds Run key to start application: persistence via a CurrentVersion\Run entry.
Checks installed software on the system: enumerates Uninstall key entries in the registry to list installed software.
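The configs and signatures above give a usable hunting set: the RedLine C2 socket, the Amadey panel URL, a Run-key write, Uninstall-key and country-code reads, and wallet file access. The script below turns them into rules and runs them over telemetry records. It is an added example, not part of the sandbox report or of any vendor's code. The record schema and every sample record are constructed; the Geo\Nation value used for the country-code check and the wallet directory names are assumptions, since the report does not name the exact keys or files.

```python
"""Hunting rules for the RedLine/Amadey indicators in this report.

Added example, not part of the sandbox report. Record schema and all sample
records below are constructed. Note that Sysmon only logs registry *writes*
(EID 12/13/14); the registry *reads* behind the geofence and installed-software
checks only show up in a sandbox API trace or an EDR that hooks RegQueryValue.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Indicators taken from the extracted configs on this page.
REDLINE_C2 = ("217.196.96.56", 4138)
AMADEY_PANEL_HOST = "212.113.119.255"
AMADEY_PANEL_PATH = "/joomla/index.php"

# Registry locations behind the behavioural signatures (lower-case, backslashes).
# Geo\Nation is an assumption about which value the country-code check reads.
RUN_KEY = "software\\microsoft\\windows\\currentversion\\run"      # also matches RunOnce
UNINSTALL_KEY = "software\\microsoft\\windows\\currentversion\\uninstall"
GEO_NATION = "control panel\\international\\geo\\nation"
# Example wallet locations only; the report does not list which files were read.
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\wallets\\", "\\ethereum\\keystore\\")


@dataclass(frozen=True)
class Hit:
    rule: str
    index: int     # position of the record in the input stream
    detail: str


def _norm(p: str) -> str:
    """Case-insensitive, backslash-only form for registry and file paths."""
    return p.replace("/", "\\").lower()


def match(index: int, rec: dict) -> list[Hit]:
    """Return every rule a single record trips (a record may trip several)."""
    hits: list[Hit] = []
    kind = rec.get("type")
    if kind == "net":  # TCP connect (Sysmon EID 3 or EDR equivalent)
        ip, port = rec["dst_ip"], int(rec["dst_port"])
        if (ip, port) == REDLINE_C2:
            hits.append(Hit("redline_c2", index, f"{ip}:{port}"))
        elif ip in (REDLINE_C2[0], AMADEY_PANEL_HOST):
            # Same infrastructure on another port: lower confidence, still worth a look.
            hits.append(Hit("known_c2_host", index, f"{ip}:{port}"))
    elif kind == "http":  # web-proxy record
        if rec["host"] == AMADEY_PANEL_HOST and rec["path"] == AMADEY_PANEL_PATH:
            hits.append(Hit("amadey_panel_url", index, rec["host"] + rec["path"]))
    elif kind == "reg_set":  # Sysmon EID 13
        if RUN_KEY in _norm(rec["key"]):
            hits.append(Hit("run_key_persistence", index, f'{rec["key"]} -> {rec["data"]}'))
    elif kind == "reg_read":  # sandbox / EDR API trace, not Sysmon
        key = _norm(rec["key"])
        if UNINSTALL_KEY in key:
            hits.append(Hit("installed_software_enum", index, rec["key"]))
        if GEO_NATION in key:
            hits.append(Hit("geo_nation_check", index, rec["key"]))
    elif kind == "file_read":
        if any(m in _norm(rec["path"]) for m in WALLET_MARKERS):
            hits.append(Hit("wallet_access", index, rec["path"]))
    return hits


def hunt(records: Iterable[dict]) -> list[Hit]:
    return [h for i, r in enumerate(records) for h in match(i, r)]


def summarize(hits: Iterable[Hit]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for h in hits:
        counts[h.rule] = counts.get(h.rule, 0) + 1
    return counts


# Constructed sample telemetry, in the order a stealer run would produce it.
SAMPLE_RECORDS = [
    {"type": "reg_read", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "reg_read", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0A1B}"},
    {"type": "net", "dst_ip": "217.196.96.56", "dst_port": 4138},
    {"type": "net", "dst_ip": "217.196.96.56", "dst_port": 443},
    {"type": "http", "host": "212.113.119.255", "path": "/joomla/index.php"},
    {"type": "reg_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost",
     "data": "C:\\Users\\Public\\svchost.exe"},
    {"type": "file_read", "path": "C:\\Users\\u\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"type": "net", "dst_ip": "13.107.4.50", "dst_port": 443},  # unrelated traffic, no hit
]

if __name__ == "__main__":
    for h in hunt(SAMPLE_RECORDS):
        print(f"[{h.rule}] record {h.index}: {h.detail}")
    print(summarize(hunt(SAMPLE_RECORDS)))
```

The network rules are the high-confidence ones because they come straight from the extracted configs; the registry and wallet rules describe behaviour that legitimate installers and update agents also exhibit, so on real telemetry they are useful mainly to corroborate a C2 hit from the same process tree rather than as stand-alone alerts.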