General
-
Target
c56fe33f51e7075d00ec8f9d4bae4891e1920de9bd4b350e914c44e39be9c218
-
Size
489KB
-
Sample
230507-m2qgssgb9w
-
MD5
245f5a964e1907ef7625387d2af74fa1
-
SHA1
5160d53d0040f22772594a38333ef0701f723c97
-
SHA256
c56fe33f51e7075d00ec8f9d4bae4891e1920de9bd4b350e914c44e39be9c218
-
SHA512
7f69f8c08e319e9a61b6436346b4d5b278f99c0a2cecc36db46ea5dd2b2203fd05ec38c746e27f686f8db26854f03c2160850e234bd8b9b0026d71075c27ed0b
-
SSDEEP
12288:KMr6y900bKUM2Sh7bDLkMUN5KDel3bfne7utjKO4k:UypmhrHLFw80Te7utok
Malware Config
Extracted
redline
lada
217.196.96.101:4132
-
auth_value
0b3678897547fedafe314eda5a2015ba
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Targets
-
-
Target
c56fe33f51e7075d00ec8f9d4bae4891e1920de9bd4b350e914c44e39be9c218
-
Size
489KB
-
MD5
245f5a964e1907ef7625387d2af74fa1
-
SHA1
5160d53d0040f22772594a38333ef0701f723c97
-
SHA256
c56fe33f51e7075d00ec8f9d4bae4891e1920de9bd4b350e914c44e39be9c218
-
SHA512
7f69f8c08e319e9a61b6436346b4d5b278f99c0a2cecc36db46ea5dd2b2203fd05ec38c746e27f686f8db26854f03c2160850e234bd8b9b0026d71075c27ed0b
-
SSDEEP
12288:KMr6y900bKUM2Sh7bDLkMUN5KDel3bfne7utjKO4k:UypmhrHLFw80Te7utok
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-