General
- Target: f25139eb32f95d5bc10e72244481394ef1a64e77386be043e90f0441e4770b83
- Size: 556KB
- Sample: 230804-p9jekaah95
- MD5: c57263241b07fdb7fdc34e528fcc35d2
- SHA1: c87a75897b591d5ad106410007d627413bfa22e5
- SHA256: f25139eb32f95d5bc10e72244481394ef1a64e77386be043e90f0441e4770b83
- SHA512: a51892f0cf9f6cc07c2332877104d9ad080453553d03df3e285110bdf21da059096b7dd92721025e103c8fa35b994a448f1be526168ac07863117710142bb3c2
- SSDEEP: 12288:6Mr8y90XRVtu70DjogPQOyPF2rUM4OcbCa/cfxG+50KjB:iyQVUI/zY/SiOu1g8+K6

Static task: static1

Behavioral task: behavioral1
- Sample: f25139eb32f95d5bc10e72244481394ef1a64e77386be043e90f0441e4770b83.exe
- Resource: win10v2004-20230703-en

Malware Config
- Extracted: amadey 3.86, 77.91.68.61/rock/index.php
- Extracted: redline, noxi, 77.91.124.172:19071, auth_value e10200e6555cb5a87e1635876fe8a35a
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application

MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)