General

  • Target

    d86187af56d7695235d19a0e4162227272b38f1938de06d3b46dbf141dd423fc

  • Size

    1.2MB

  • Sample

    230505-ymhdesda61

  • MD5

    8fe7b28cc71375ef262cc697d8708a2e

  • SHA1

    dd83db447fdb457283f708f1bfae856253c8cfcb

  • SHA256

    d86187af56d7695235d19a0e4162227272b38f1938de06d3b46dbf141dd423fc

  • SHA512

    f4124ca5997b8943f689e8452069c7aaf4e776f3161262b80fd5d8b481e130f76219af2298895131a4ffef819dc1f6e9df224938dc8d15cd60b406b5d7ac4831

  • SSDEEP

    24576:Syfe6f/qKhsFlm6HOGlMCq6lo1oqPA86TVi/DnPlN7sG:526f/VgHOGlFPa6V+P37s

Malware Config

Extracted

  • Family

    redline

  • Botnet

    lupa

  • C2

    217.196.96.56:4138

  • Attributes

    • auth_value

      fcb02fce9bc10c56a9841d56974bd7b8

Extracted

  • Family

    redline

  • Botnet

    boom

  • C2

    217.196.96.56:4138

  • Attributes

    • auth_value

      1ce6aebe15bac07a7bc88b114bc49335

Extracted

  • Family

    amadey

  • Version

    3.70

  • C2

    212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks