General
-
Target
8eb950fca179b95d1cbd81679744c02dae35eb395dc9cafb3e01227f38d83de6
-
Size
736KB
-
Sample
230617-c76e4ahh66
-
MD5
4c982673a1fb3a25e217037d3fede613
-
SHA1
a46deaf1f3997b5c17ad716a9201aacabb5c258f
-
SHA256
8eb950fca179b95d1cbd81679744c02dae35eb395dc9cafb3e01227f38d83de6
-
SHA512
d7d2d4b3f831ff1fa007982195df58802167cf81a149cff00fe883da73b15ae33797508f9a4de6afbab386717bcf5bc18383ff97392fae39ca8394c85f834c5e
-
SSDEEP
12288:eMr5y90WlCOeelzlt5B/ItVJj9OTyaVUuQJhx18IhD1Kslo4v0hI0W1gLSA6Jhym:HyjVlzzuOfafp6QD/lFw+SSA6HrPJf
Malware Config
Extracted
redline
dedo
83.97.73.130:19061
-
auth_value
ac76f7438fbe49011f900c651cb85e26
Extracted
amadey
3.84
77.91.68.63/doma/net/index.php
Extracted
redline
grega
83.97.73.130:19061
-
auth_value
16e2fbc2847b2270b3f0679e2dd76c8d
Targets
-
-
Target
8eb950fca179b95d1cbd81679744c02dae35eb395dc9cafb3e01227f38d83de6
-
Size
736KB
-
MD5
4c982673a1fb3a25e217037d3fede613
-
SHA1
a46deaf1f3997b5c17ad716a9201aacabb5c258f
-
SHA256
8eb950fca179b95d1cbd81679744c02dae35eb395dc9cafb3e01227f38d83de6
-
SHA512
d7d2d4b3f831ff1fa007982195df58802167cf81a149cff00fe883da73b15ae33797508f9a4de6afbab386717bcf5bc18383ff97392fae39ca8394c85f834c5e
-
SSDEEP
12288:eMr5y90WlCOeelzlt5B/ItVJj9OTyaVUuQJhx18IhD1Kslo4v0hI0W1gLSA6Jhym:HyjVlzzuOfafp6QD/lFw+SSA6HrPJf
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-