General

Target: ebb30a7162b8b2392422ad8ea5bfc86d1383fd048e6197d892dfa5ca9b1bf337
Size: 680KB
Sample: 230802-21dh6sbe3w
MD5: 6fd9e615cf2069e90bbfc07006d18e4b
SHA1: 38a7a57d86907c58f803ad77bb90ae8fc4011481
SHA256: ebb30a7162b8b2392422ad8ea5bfc86d1383fd048e6197d892dfa5ca9b1bf337
SHA512: ac35932081577a5237a4c9eaf3a1d4b1904f88016cedad45cf200a224473ef70c62a98adf192cb06fe682dfe1104570f6eb23b8c7a678aadcbf63ada213394cf
SSDEEP: 12288:eMroy907LUgQiaRlhUgfwNiRLD9hCDDLaIIz0rLlmMKqfh4p5nImkhyXRm:yy2ZYYwCD/Wz0nlmM54pi7IXo
Static task: static1
Behavioral task: behavioral1
Sample: ebb30a7162b8b2392422ad8ea5bfc86d1383fd048e6197d892dfa5ca9b1bf337.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted family: amadey
Version: 3.86
C2: 77.91.68.61/rock/index.php

Extracted family: smokeloader
Version: 2022
C2: http://77.91.68.29/fks/

Extracted family: redline
Botnet: maxik
C2: 77.91.124.156:19071
auth_value: a7714e1bc167c67e3fc8f9e368352269
Targets

Target: ebb30a7162b8b2392422ad8ea5bfc86d1383fd048e6197d892dfa5ca9b1bf337 (680KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Signatures:
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence:
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)