General

Target: cd4b9bd0350f892c0b0068b728785433632c5b14f35c386a47fa32f322725fce
Size: 555KB
Sample: 230807-dqpxfsdc28
MD5: f226b13a7fbf0f5c7824fe8e2ae1dc6c
SHA1: a42a28e5bdb112c1f0327b41b47291edd3a78aab
SHA256: cd4b9bd0350f892c0b0068b728785433632c5b14f35c386a47fa32f322725fce
SHA512: 490019a8607c3e03aa9a4cac6163c6bdbfb72f583ae73ffe90d85dc04d36608cb9816947d3c58d7000bae65504211b6b603754012330aa33297f0e6a34650b8d
SSDEEP: 12288:YMr8y90zpAc9R3icYbLR0iv01+WWPgBYCrQyLfQI1DnLrOb:kykpA03mj80lozcaQIRLSb
Static task: static1
Behavioral task: behavioral1
Sample: cd4b9bd0350f892c0b0068b728785433632c5b14f35c386a47fa32f322725fce.exe
Resource: win10-20230703-en
Malware Config

Extracted: amadey
Version: 3.86
C2: 77.91.68.61/rock/index.php

Extracted: redline
Botnet: dodge
C2: 77.91.124.156:19071
auth_value: 3372223e987be2a16148c072df30163d
Targets

Target: cd4b9bd0350f892c0b0068b728785433632c5b14f35c386a47fa32f322725fce (555KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1
- Create or Modify System Process (T1543): Windows Service (T1543.003), 1
- Scheduled Task/Job (T1053), 1
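The following is an added hunting example; it is not part of the sandbox output and not code from the sample. It turns the indicators in this report (the file hashes, the Amadey C2 host and panel path, the RedLine C2 host:port) and the Run-key persistence behaviour flagged in the signatures into checks that run over Sysmon-style events. Field names follow Sysmon's schema (EventID 3 for network connections, EventID 13 for registry value sets); the events, paths, SIDs and the optional `Url` field are constructed here for illustration, and the "dropped-file location" heuristic is an assumption rather than something the report states.

```python
"""Hunting helper built from the IOCs in this report (added example).

Matches file hashes against the report's values and flags Sysmon-style
events for the extracted C2 endpoints and the Run-key persistence the
signatures describe. Sample events below are constructed, not captured.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators copied from the report above.
SAMPLE_MD5 = "f226b13a7fbf0f5c7824fe8e2ae1dc6c"
SAMPLE_SHA1 = "a42a28e5bdb112c1f0327b41b47291edd3a78aab"
SAMPLE_SHA256 = "cd4b9bd0350f892c0b0068b728785433632c5b14f35c386a47fa32f322725fce"
AMADEY_C2_HOST = "77.91.68.61"
AMADEY_C2_PATH = "/rock/index.php"
REDLINE_C2 = ("77.91.124.156", 19071)

# Run / RunOnce keys (T1547.001), matched case-insensitively in either hive.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Locations droppers commonly write payloads to; a Run value pointing here is a
# stronger signal than a Run value alone (assumption, not stated by the report).
DROP_DIR_RE = re.compile(r"\\AppData\\(Local\\Temp|Roaming)\\|\\ProgramData\\", re.IGNORECASE)


def check_hashes(data: bytes) -> dict:
    """Compare a file's hashes with the report's MD5/SHA1/SHA256."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_MD5,
        "sha1": hashlib.sha1(data).hexdigest() == SAMPLE_SHA1,
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_SHA256,
    }


@dataclass
class Finding:
    label: str                # short alert tag
    technique: Optional[str]  # ATT&CK technique where the report maps one
    reason: str
    event: dict


def _registry_finding(ev: dict) -> Optional[Finding]:
    if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    reason = f"Run key value written by {ev.get('Image')}"
    if DROP_DIR_RE.search(ev.get("Details", "")):
        reason += " pointing at a dropped file in a user-writable location"
    return Finding("run_key_persistence", "T1547.001", reason, ev)


def _network_finding(ev: dict) -> Optional[Finding]:
    dst = (ev.get("DestinationIp"), ev.get("DestinationPort"))
    if dst == REDLINE_C2:
        return Finding("redline_c2", None, "RedLine C2 host:port from extracted config", ev)
    if dst[0] == AMADEY_C2_HOST:
        reason = "Amadey C2 host from extracted config"
        # The panel path is only visible in proxy/Zeek-style logs carrying a URL.
        if ev.get("Url", "").endswith(AMADEY_C2_PATH):
            reason += f" with panel path {AMADEY_C2_PATH}"
        return Finding("amadey_c2", None, reason, ev)
    return None


def triage_events(events: Iterable[dict]) -> List[Finding]:
    """Run every event through the registry and network checks."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        f = None
        if eid == 13:      # Sysmon: RegistryEvent (value set)
            f = _registry_finding(ev)
        elif eid == 3:     # Sysmon: network connection
            f = _network_finding(ev)
        if f:
            findings.append(f)
    return findings


# Constructed Sysmon-style events; paths, SIDs and file names are made up.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\saved.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\saved",
     "Details": r"C:\Users\user\AppData\Local\Temp\saved.exe"},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\saved.exe",
     "DestinationIp": "77.91.124.156", "DestinationPort": 19071},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\saved.exe",
     "DestinationIp": "77.91.68.61", "DestinationPort": 80,
     "Url": "http://77.91.68.61/rock/index.php"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},   # benign, must not fire
]

if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f"[{f.label}] {f.technique or '-'}: {f.reason}")
```

The IP/port checks are exact matches on the extracted config, so they will miss the same infrastructure on a different port or behind a domain; treat them as the starting point for a wider pivot rather than the whole detection. The hash check is only useful for the exact file, which is why the Run-key and C2 checks carry the weight for hosts where the dropper has already run and deleted itself.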