General
-
Target
ab2c12dd429ef7900b82735a56d86394.bin
-
Size
682KB
-
Sample
230612-cn7ttabb5v
-
MD5
a65a98d583207a7b0f0cb028ad62be7d
-
SHA1
a0402de0ef5dca4db8e18d887f374b7b8ad02d30
-
SHA256
95a424d1372190a5a96c3b86d6903e717944640a98b26a576edb6bb32c0bb405
-
SHA512
092d3fbaa46500a934bd9f99c4f2cbcf2234cb0b4c2eb7d2fad0c13766686088d429556ebffb16e52878f733fc270c35db907528b45e682b319779a4a789bc00
-
SSDEEP
12288:NciWwwlHk9LcCNFgY7Z9Dejc6wvaOLKRZmagktTgXaJPnhGZvtZZhz1Wfrt5vp3R:i7NlH2LcCQEpoQaVRg+9gqJEZXZtAfr3
Malware Config
Extracted
redline
dast
83.97.73.129:19068
-
auth_value
17d71bf1a3f93284f5848e00b0dd8222
Extracted
amadey
3.83
77.91.68.30/music/rock/index.php
Extracted
redline
crazy
83.97.73.129:19068
-
auth_value
66bc4d9682ea090eef64a299ece12fdd
Targets
-
-
Target
1db589cc2e16f2e9b2530fdb7d21f676845230a7675e179c85808a0f83770c0f.exe
-
Size
725KB
-
MD5
ab2c12dd429ef7900b82735a56d86394
-
SHA1
da70166aace5af036738e3be5095cdde12eaf748
-
SHA256
1db589cc2e16f2e9b2530fdb7d21f676845230a7675e179c85808a0f83770c0f
-
SHA512
ae3d98466cd13900912b9bbc05ddd39b07fffdcc89788244402e903fcc3c994bb61844204f4baef9412dd3aed196ecfcc634a67afc23d3207daab50d57c0f86d
-
SSDEEP
12288:HMrXy90b8WakH1fQuxfjuxZ/6f/jr0VYlaHIxILZToNEn7CPD22RZkOZb:cyHNiQYjZLlaH/7CPD227kOZb
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-