General
Target: 0757545b5cf02ec23e90b1a413bca2f7559cbee176cf611f2d9665f9165966a8_JC.exe
Size: 556KB
Sample: 230805-lwc4vacf7y
MD5: c6502b94e1d78e4a5f25cd5f20daaa41
SHA1: 5de2d9f2bbf01638fc1c55fc844860cb70f06175
SHA256: 0757545b5cf02ec23e90b1a413bca2f7559cbee176cf611f2d9665f9165966a8
SHA512: 4f8d3b1431bcfb129c2098a415a4348da3eefade8c985a7e13296d6850678da4af6d7abe330dd1a2aca913295408714b49621f08416c50c7724f32d27c1a4e50
SSDEEP: 12288:uMrgy90QwMyJSTwZ3lmKxLV/naGCp44hSwfHP:SyhwMLTwbLNaGCpjHP
Static task: static1
Behavioral task: behavioral1
  Sample: 0757545b5cf02ec23e90b1a413bca2f7559cbee176cf611f2d9665f9165966a8_JC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 0757545b5cf02ec23e90b1a413bca2f7559cbee176cf611f2d9665f9165966a8_JC.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
  Version: 3.86
  C2: 77.91.68.61/rock/index.php
Extracted: redline
  Botnet: micky
  C2: 77.91.124.172:19071
  auth_value: 748f3c67c004f4a994500f05127b4428
Targets
Target: 0757545b5cf02ec23e90b1a413bca2f7559cbee176cf611f2d9665f9165966a8_JC.exe
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Create or Modify System Process: 1
    Windows Service: 1
  Scheduled Task/Job: 1