General

Target: ec6e08c281ff76c4b4116bf5dda6d7c5e7b83e98a8256.exe
Size: 831KB
Sample: 230819-m44r7sag4v
MD5: 9844591837b1f2619155e29c306dff0d
SHA1: abf7abd58509d55369edd34ec7284a3fba9c95a5
SHA256: ec6e08c281ff76c4b4116bf5dda6d7c5e7b83e98a82560c4c36938937556e46e
SHA512: d1a21aaaa97262890dc0c51a0bc04be1974ca05dc3363a2c6f6bc75c80a1c5df1f1ee7bd14dd0df353383b7fd31de1b4cd2204c659b617f446286bd8c8d59d6f
SSDEEP: 24576:cyn3b8LVfF8dGmxJAKWqSBOjDrcnxXbbDUpvwEn:Ln3AUdGmjAKWqSMonVPS
Static task: static1

Behavioral task: behavioral1
Sample: ec6e08c281ff76c4b4116bf5dda6d7c5e7b83e98a8256.exe
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: ec6e08c281ff76c4b4116bf5dda6d7c5e7b83e98a8256.exe
Resource: win10v2004-20230703-en
Malware Config

Extracted: amadey
S-%lu-
77.91.68.18/nice/index.php
3.87/nice/index.php

Extracted: redline
dugin
77.91.124.73:19071
auth_value: 7c3e46e091100fd26a6076996d374c28
Targets

Target: ec6e08c281ff76c4b4116bf5dda6d7c5e7b83e98a8256.exe
Size: 831KB
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
- Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
- Windows Service (1)
- Scheduled Task/Job (1)