General
- Target: 28266e38396bddb1cc980c1216c89acb4e8c218324bd6648c75a728e2a8be23d
- Size: 731KB
- Sample: 230817-xqqzaseb6s
- MD5: 9c60b9b1ad49d2548d6db29b3f8e14d7
- SHA1: 0702f5badcf4e5fc6109c38d1207f28ef583fcaf
- SHA256: 28266e38396bddb1cc980c1216c89acb4e8c218324bd6648c75a728e2a8be23d
- SHA512: 7e38c20ac30089c183485166059e11625a200912cdf1bb1a690f59e05a9b16e641ea5d216b982dbacca2d983723b14612923fd3bef67e95ca18d2aa8355052f7
- SSDEEP: 12288:pMrqy90lNr25+6asEChHgXATqDLnJm4TOebEwkr9zWnmaO+OMhjDj4C:fyYsYShHgwODLJm4Oebtg9zWngRk
Static task: static1
Behavioral task: behavioral1
- Sample: 28266e38396bddb1cc980c1216c89acb4e8c218324bd6648c75a728e2a8be23d.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: amadey
- S-%lu-
- 77.91.68.18/nice/index.php
- 3.87/nice/index.php
Extracted: redline
- maga
- 77.91.124.54:19071
- auth_value: 9dd7a0be219be9b6228dc9b4e112b812
Targets
- Target: 28266e38396bddb1cc980c1216c89acb4e8c218324bd6648c75a728e2a8be23d
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)