General
Target: b1015b8711b2e3c3e6c0b290d2db49d2.bin
Size: 1.8MB
Sample: 230627-cdsbdacg48
MD5: 4146f42aac17e1a10745fbe44a1e434a
SHA1: eabbde68a677bb52a5c43a438439d75db25ac745
SHA256: d1906a4db2e1d178711b3f15aaf3600525389dbb969a88111bb27f06a4bc6b90
SHA512: 1acca30f40d5c996827c19737f2235e8d9aa0867c694d8abbd8f1237d085cffd6cc177be44ff7ef6db82beeb66c5f8de22f647080b2a8de5e1e2760bbaa6017d
SSDEEP: 49152:AoE3sS4mew2/vJHJe3zt4yUfJTHsMpfsHi5IDB7XthpBoZ:AoZpv1nhbf5MusHeYNdh8Z
Static task: static1
Behavioral task: behavioral1
  Sample: 5b84bbeb5f4470d18c8c99a06ca654922413a224332cd92defef825e879f334e.exe
  Resource: win7-20230621-en
Behavioral task: behavioral2
  Sample: 5b84bbeb5f4470d18c8c99a06ca654922413a224332cd92defef825e879f334e.exe
  Resource: win10v2004-20230621-en
Malware Config
Extracted: redline
  drake
  83.97.73.131:19071
  auth_value: 74ce6ffe4025a2e4027fb727915e7d7c
Extracted: amadey
  3.84
  77.91.68.63/doma/net/index.php
Targets
Target: 5b84bbeb5f4470d18c8c99a06ca654922413a224332cd92defef825e879f334e.exe
Size: 3.6MB
MD5: b1015b8711b2e3c3e6c0b290d2db49d2
SHA1: 91d741df29582ad1731a06f459eee8fa6630b053
SHA256: 5b84bbeb5f4470d18c8c99a06ca654922413a224332cd92defef825e879f334e
SHA512: d4458334783f7f2db1f1a3b83d702da07626d0655bf7ac066d7a385e7dc91dd99d49ea0396f42c6b570d41bcbbb3ce2a5a8b69190b194c3a15a0368053b378ad
SSDEEP: 98304:iHwAhEaa006IVFPkolk9oliqLUHpQiF5l66FHgiW2TIOB9udksMHQrIFVyGVs3Gl:mwiEapL09LQ5l6mc09udhCQOVTVp
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.