General
-
Target
a1e0a0d20a5ba55bf4708a70d20eddd3b3862571980cae835a704b11b847daeb
-
Size
641KB
-
Sample
230802-yx4z6shf93
-
MD5
cbe4938c9642e89f348f9a5884da7ee9
-
SHA1
d74cba4c12428aeed03d84addd1279a0b259b881
-
SHA256
a1e0a0d20a5ba55bf4708a70d20eddd3b3862571980cae835a704b11b847daeb
-
SHA512
e3d20640e7cbf87e5c12f9ca0dde16361b707aeea4784103cb2d1668733d454fff64baa2c9ca218d4a490253aac6c4609ac141c2b3a994b9d957f1d9401b2b16
-
SSDEEP
12288:oMrby90x1rh9EUOAyv/Zz5GYcFHrJCDzvpH4WUNAGTUIs:Tyircv/Zz0Fh+zvJ4vCIs
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
maxik
77.91.124.156:19071
-
auth_value
a7714e1bc167c67e3fc8f9e368352269
Targets
-
-
Target
a1e0a0d20a5ba55bf4708a70d20eddd3b3862571980cae835a704b11b847daeb
-
Size
641KB
-
MD5
cbe4938c9642e89f348f9a5884da7ee9
-
SHA1
d74cba4c12428aeed03d84addd1279a0b259b881
-
SHA256
a1e0a0d20a5ba55bf4708a70d20eddd3b3862571980cae835a704b11b847daeb
-
SHA512
e3d20640e7cbf87e5c12f9ca0dde16361b707aeea4784103cb2d1668733d454fff64baa2c9ca218d4a490253aac6c4609ac141c2b3a994b9d957f1d9401b2b16
-
SSDEEP
12288:oMrby90x1rh9EUOAyv/Zz5GYcFHrJCDzvpH4WUNAGTUIs:Tyircv/Zz0Fh+zvJ4vCIs
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1