General
Target: 5b4265db3f9ff45513ccedcd38a5eefd9111ea43cda2da2de80cb70391e52bba
Size: 730KB
Sample: 230817-17tcjafe31
MD5: f1d9bda149926f12856c56c5b6d9379b
SHA1: 2df28485acd6026297c50e0f1d2b32faedfa4cd5
SHA256: 5b4265db3f9ff45513ccedcd38a5eefd9111ea43cda2da2de80cb70391e52bba
SHA512: 4c9b1adbb7e1c39cac793739f6596bda9e2ab06c86290534f686e6da31cbaf0f6a0b805e37beb83ce5056dc88811273b135fd37dac640f975aa7f2de179f81f8
SSDEEP: 12288:hMrPy90qZ836sEMZvHcNaCsI0/qKgwe7iRdKRsfXDp7y9sCZdGA9AD9E7cRV:Wyfq1ZPkaCh0ynf7i7KOf97yG6duV
Static task: static1
Behavioral task: behavioral1
Sample: 5b4265db3f9ff45513ccedcd38a5eefd9111ea43cda2da2de80cb70391e52bba.exe
Resource: win10-20230703-en
Malware Config
Extracted
Family: amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php
Extracted
Family: redline
Botnet: maga
C2: 77.91.124.54:19071
auth_value: 9dd7a0be219be9b6228dc9b4e112b812
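An added example, not part of the sandbox report or its tooling, that turns the indicators above into a small offline check: it hashes files and compares them with the report's MD5/SHA256, and scans a log for the Amadey HTTP C2 path and the RedLine host:port from the extracted configs. The log line format, the sample log lines and the function names are assumptions for illustration; only the first Amadey C2 entry is used.

```python
"""Offline IOC check built from this report's hashes and extracted C2s.
Added example; the log format and sample lines below are constructed."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report.
MD5_IOCS = {"f1d9bda149926f12856c56c5b6d9379b"}
SHA256_IOCS = {"5b4265db3f9ff45513ccedcd38a5eefd9111ea43cda2da2de80cb70391e52bba"}
AMADEY_C2_URLS = {"77.91.68.18/nice/index.php"}   # Amadey beacons over HTTP to this path
REDLINE_C2 = {("77.91.124.54", 19071)}            # RedLine talks to a raw TCP host:port


def hash_bytes(data):
    """Return (md5, sha256) hex digests of a byte string."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def hash_file(path):
    """Return (md5, sha256) of a file, streamed so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def classify_hashes(md5, sha256):
    """Name the hash that matched the report, or None.
    SHA256 is checked first; an MD5-only hit is weaker evidence."""
    if sha256.lower() in SHA256_IOCS:
        return "sha256"
    if md5.lower() in MD5_IOCS:
        return "md5"
    return None


def match_file(path):
    return classify_hashes(*hash_file(path))


def normalise_url(url):
    """Reduce 'http://77.91.68.18:80/nice/index.php?id=1' to
    '77.91.68.18/nice/index.php', the scheme-less form in the config."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    if parts.port and parts.port not in (80, 443):
        host = f"{host}:{parts.port}"
    return host + (parts.path or "/")


# Constructed log format (assumption): epoch src_ip dst_ip dst_port [url]
LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\d+)(?:\s+(\S+))?\s*$")


def scan_log(text):
    """Return (line_no, family, indicator) for each line that hits a known C2."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        _, _src, dst, port, url = m.groups()
        if url and normalise_url(url) in AMADEY_C2_URLS:
            hits.append((n, "amadey", normalise_url(url)))
        elif (dst, int(port)) in REDLINE_C2:
            hits.append((n, "redline", f"{dst}:{port}"))
    return hits


# Constructed sample log; line 4 reuses the RedLine host on another port and must not match.
SAMPLE_LOG = """\
1692230400 10.0.0.5 142.250.74.46 443 https://www.example.com/
1692230401 10.0.0.5 77.91.68.18 80 http://77.91.68.18/nice/index.php
1692230402 10.0.0.5 77.91.124.54 19071
1692230403 10.0.0.7 77.91.124.54 443
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Matching on the exact host:port for RedLine rather than the bare IP keeps the check specific; if the same host shows up on other ports it is worth a look, but not an automatic hit.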
Targets
Target: 5b4265db3f9ff45513ccedcd38a5eefd9111ea43cda2da2de80cb70391e52bba
- Detects Healer, an antivirus-disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Scheduled Task/Job (T1053): 1