General

  • Target

    ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1

  • Size

    641KB

  • Sample

    230801-x3m36sah43

  • MD5

    d4368e0e12082d50af413daf6d422d15

  • SHA1

    5afe753c00c3ec0103ac7896d8b316dc6c586aea

  • SHA256

    ee5e8480cc2e9f414dc7fe09789f79a6d7e20b0648ed4f5e956dd0ebf14692f1

  • SHA512

    ae88f5aaacaa6940dea08110e31754869bde7dc50d04bb313610dd73fa2539be642fa664bc1db7788ea287052d77c16238d12003da6788468996d53e6154e094

  • SSDEEP

    12288:HMrZy90v/nCl6xzEybwcNlxB1wDwZNmMrWM7rErcI6yS0Fi1l2RYD6rDO1mYB1k0:uyeQ6xz90c3y3Wx7gwh+OB+W1RB1k0

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

maxik

C2

77.91.124.156:19071

Attributes
  • auth_value

    a7714e1bc167c67e3fc8f9e368352269

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks