General

  • Target: 8dba336a20a70a08b9793cbcf98fcd4b.exe
  • Size: 513KB
  • Sample: 230707-km3sgaha8t
  • MD5: 8dba336a20a70a08b9793cbcf98fcd4b
  • SHA1: 938dc96907a3b12516b28bfda830729ce7cce035
  • SHA256: 1abb6b0f658c6b3cf5bf4cd12b995110bd412e9de9c262e70bc58355fdb2b321
  • SHA512: 696ca68fd6dddf2485008a9d009e83f6d561cd5d1fc611a4b6a2035a5d02d8ae9ba06e9418f92d90d01ada49fd915cb748fd559acb92dd7a155bf0bdad2a3d2c
  • SSDEEP: 12288:ri02fvPaRdnQgIb9ZOdbTtxErEyA21RqSMd8Bdv1FC:ri0svP82gIb9ZOdYgyA22HWBdNFC

Malware Config

Extracted

  • Family: redline
  • Botnet: furod
  • C2: 77.91.68.70:19073
  • Attributes
    • auth_value: d2386245fe11799b28b4521492a5879d

Extracted

  • Family: amadey
  • Version: 3.85
  • C2: 77.91.68.3/home/love/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks