General

  • Target

    85e7bc3c003e068d838d1a1c272b7119.exe

  • Size

    556KB

  • Sample

    230805-lml1dscf5w

  • MD5

    85e7bc3c003e068d838d1a1c272b7119

  • SHA1

    d9e44f291cd7175707d7f9658a3f4f9ba4ac960e

  • SHA256

    6c3e14911e976df22d590a3115a982a3941d7e410ce4c34277e02a6db56771b1

  • SHA512

    3dd9a9d0c7bdcea22e07dfaf94717fbf03de46bb37f309fdaeed10d924fd1f98a527e390d90be86f0b838928f957d4733253bc6729dfa659dbcf9fce30d1167e

  • SSDEEP

    12288:mMrjy90wmPkdCKWihgT8OVgONLZTNxKlsKkk5s:hyLmVegI3OhZTisDk5s

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

micky

C2

77.91.124.172:19071

Attributes
  • auth_value

    748f3c67c004f4a994500f05127b4428

Targets

    • Target

      85e7bc3c003e068d838d1a1c272b7119.exe

    • Size

      556KB

    • MD5

      85e7bc3c003e068d838d1a1c272b7119

    • SHA1

      d9e44f291cd7175707d7f9658a3f4f9ba4ac960e

    • SHA256

      6c3e14911e976df22d590a3115a982a3941d7e410ce4c34277e02a6db56771b1

    • SHA512

      3dd9a9d0c7bdcea22e07dfaf94717fbf03de46bb37f309fdaeed10d924fd1f98a527e390d90be86f0b838928f957d4733253bc6729dfa659dbcf9fce30d1167e

    • SSDEEP

      12288:mMrjy90wmPkdCKWihgT8OVgONLZTNxKlsKkk5s:hyLmVegI3OhZTisDk5s

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks