General

  • Target

    07a75263f8c5db0e489cb14b86a3e20e.bin

  • Size

    745KB

  • Sample

    230613-bcqkqaec67

  • MD5

    f9526a1f1ffba7eac801802ce4ee40e6

  • SHA1

    d244c9b454b7052d77b292ba712de673d0d546e2

  • SHA256

    6dcab115d80cb99a1524673ce9c06aca9c6d880cdfbcc212b80a9ff1c82792bf

  • SHA512

    3b016e803099d99ea7a7b7c8eeddb68464e854c8c211859475c37682b206cef57e378e02d2e9fe9d0aaf1c75c2c151aeb3776004456fa7b68791db434290e62f

  • SSDEEP

    12288:1aeNJXrsWPSrN1XkPO/WOkNgRpEth9G3x77o/gy8Kj8/QN8fgp04k:HRpy93kW3J7o/goB304k

Malware Config

Extracted

Family

redline

Botnet

crazy

C2

83.97.73.129:19068

Attributes

  • auth_value

    66bc4d9682ea090eef64a299ece12fdd

Extracted

Family

redline

Botnet

mast

C2

83.97.73.129:19068

Attributes

  • auth_value

    95784a9ad2d19498f84abcf8e48d8da8

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Extracted

Family

redline

Botnet

dare

C2

83.97.73.129:19068

Attributes

  • auth_value

    cdee8b76b5a70827d5d5e110218c7d2f

Extracted

Family

redline

Botnet

droid

C2

83.97.73.129:19068

Attributes

  • auth_value

    4e534d26d67e90669e9843dbbfac4c52

Targets

    • Target

      e0286db278fd9987f11e9aa495968c1faad9ab389d15387d1b678d7172b0977e.exe

    • Size

      789KB

    • MD5

      07a75263f8c5db0e489cb14b86a3e20e

    • SHA1

      4a4161a5821f9f1eff6f7ef47535ac8263d78fc9

    • SHA256

      e0286db278fd9987f11e9aa495968c1faad9ab389d15387d1b678d7172b0977e

    • SHA512

      1cfec49c17f395dcd84bdbe29e50155f1234b81ef1c99fd3443d2b5c376b9266b13b2298bae4ccb5f432acef9564214e9da517ff83c1bd5a70f16e9ce0f144cf

    • SSDEEP

      12288:+MrUy90LXv3p2It8/zDogh2BNs/klJeTYMUowtxc12MagNZVyqaW7aQCQ06aqU3l:ey+Q08bEpXhGJUowE1VamZHb7g93l

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks