General

Target: d393b65498e2fb92cab24cfbd9f5b6417b4dcb5a45fee088f51ff2bb9e7be7ac
Size: 793KB
Sample: 230617-a1my3ahb51
MD5: c5d58fde49af56abf1011ff963379f8f
SHA1: 563f8a828edad3e8788cddb720ad1c38366e79cd
SHA256: d393b65498e2fb92cab24cfbd9f5b6417b4dcb5a45fee088f51ff2bb9e7be7ac
SHA512: 0a0a38bcd81a66733b0af425a9d0e6f8c7ae21e9f1edb75fc6aabb991656af3b7de7b706fa2f52696b935947fedc032cd19c1c3ba51ce9e8e9c197b64232c511
SSDEEP: 12288:jMrGy90WBlxnBGVcqAgRJ+mOMTW3qUv6sbhN1IH4OJylElOU7xQt3e:hyhNnBGaqITSUqUvdSi6Zq3e

Static task: static1
Malware Config

Extracted: redline
  grega
  83.97.73.130:19061
  auth_value: 16e2fbc2847b2270b3f0679e2dd76c8d

Extracted: redline
  ledo
  83.97.73.130:19061
  auth_value: f2a0e4723856f604d798b9417463db57

Extracted: amadey
  3.81
  95.214.27.98/cronus/index.php
Targets
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.