General

  • Target

    228c570f866ee9b1064b0b1fdc1ca7edea4adba7ff6c112aedb7181ed9d9c788

  • Size

    756KB

  • Sample

    230820-ej4mpseh2x

  • MD5

    fd6bbd9789a3c382e1985a23dcbc39ce

  • SHA1

    0f01f503297e191c7f71bf03d925758567cda25b

  • SHA256

    228c570f866ee9b1064b0b1fdc1ca7edea4adba7ff6c112aedb7181ed9d9c788

  • SHA512

    fe5a7c3db73f06faa418f02ebe8af12c2666abd59ff6ccdca07198848507fcca08aa619cc8f4db8ccfa4aa81eb5c2cb0135c52eb68e369c4270d444ced23b3bc

  • SSDEEP

    12288:oMrIy90+byvx0JuQhPhWL6xud6IfmpMV/CWOZMFlOO70jzU7ZMuyO:gyxWqhWL6wd6ym6lCWFFl97azUb

Malware Config

Extracted

  • Family

    amadey

  • Version

    S-%lu-

  • C2

    77.91.68.18/nice/index.php

    3.87/nice/index.php

Extracted

  • Family

    redline

  • Botnet

    jonka

  • C2

    77.91.124.73:19071

  • Attributes

    auth_value: c95bc30cd252fa6dff2a19fd78bfab4e

Targets

    • Target

      228c570f866ee9b1064b0b1fdc1ca7edea4adba7ff6c112aedb7181ed9d9c788

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks