General
-
Target
87a2324443b63c0ea58dc90b5a559ccb4a4a575c928bd1787b684a5ce0071d7d
-
Size
556KB
-
Sample
230806-md72yahb96
-
MD5
a310e6fec5e7c85ce554a5982412d95b
-
SHA1
7236db4e6ac1bd148f1c2506629f3f21cd66ef4f
-
SHA256
87a2324443b63c0ea58dc90b5a559ccb4a4a575c928bd1787b684a5ce0071d7d
-
SHA512
f1d5c51cb70d29c026ef37f19e85b080f7f19ffe3e1d945d655f2dd21d10dd5823b3ed126b92c50b4a160b5c388bc71ca2749a0a2a18a45c788398227217b8d0
-
SSDEEP
12288:PMrWy90+cwfYTMHUtlYz63X3HCdnhdpOUZEzQH:tyFXGlVHCHOm1H
Malware Config
Extracted
amadey
3.86
77.91.68.61/rock/index.php
Extracted
redline
savin
77.91.124.156:19071
-
auth_value
a1a05b810428195ab7bb63b132ea0c8d
Targets
-
-
Target
87a2324443b63c0ea58dc90b5a559ccb4a4a575c928bd1787b684a5ce0071d7d
-
Size
556KB
-
MD5
a310e6fec5e7c85ce554a5982412d95b
-
SHA1
7236db4e6ac1bd148f1c2506629f3f21cd66ef4f
-
SHA256
87a2324443b63c0ea58dc90b5a559ccb4a4a575c928bd1787b684a5ce0071d7d
-
SHA512
f1d5c51cb70d29c026ef37f19e85b080f7f19ffe3e1d945d655f2dd21d10dd5823b3ed126b92c50b4a160b5c388bc71ca2749a0a2a18a45c788398227217b8d0
-
SSDEEP
12288:PMrWy90+cwfYTMHUtlYz63X3HCdnhdpOUZEzQH:tyFXGlVHCHOm1H
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1