General
Target: b8401bf0ab39781024ba5a52ac62250aca3c4791687c28fca9d51a6cd76900c0
Size: 702KB
Sample: 230826-x5hlgaee3x
MD5: f93567a7ebf798787fad600bdb37fd25
SHA1: 2658309bb0e594a525f1c9142ccf11de2fabb334
SHA256: b8401bf0ab39781024ba5a52ac62250aca3c4791687c28fca9d51a6cd76900c0
SHA512: 76e7a80322da0c11589b9346ac2a8fd1e84414eb2b02244a6c01771bd0a93ed21a82619617524ef4562e640996907a0c4f19912e01ebfc91e4c8670d7df3dd0a
SSDEEP: 12288:gMrty90+bjdGh/X0ddkb5jbVgOlx2EwQCcQrza7q+hlqp8M:9y3bjdQ/c6bpVgOGBlcQK7q+hkpv
Static task: static1
Behavioral task: behavioral1
Sample: b8401bf0ab39781024ba5a52ac62250aca3c4791687c28fca9d51a6cd76900c0.exe
Resource: win10v2004-20230824-en
Malware Config
Extracted
Family: amadey
Version: 3.87
C2: 77.91.68.18/nice/index.php
Extracted
Family: redline
Botnet: jaja
C2: 77.91.124.73:19071
auth_value: 3670179d176ca399ed08e7914610b43c
Targets
Target: b8401bf0ab39781024ba5a52ac62250aca3c4791687c28fca9d51a6cd76900c0 (702KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)
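The report gives two things a responder can act on directly: the extracted C2 endpoints in the Malware Config section (Amadey at 77.91.68.18, RedLine at 77.91.124.73:19071) and the behaviours under Signatures and the ATT&CK Persistence column (a dropped EXE writing a Run key). The following is an added example, not part of the sandbox report, showing how those indicators turn into a small hunt over endpoint telemetry. The log lines are constructed for the example in a hypothetical `key=value|key=value` format modelled on Sysmon Event ID 1 (process create), 3 (network connection) and 13 (registry value set); the host, port and hash values are the ones the report lists, the process paths and SID are made up, and the "user-writable path writes a Run key" rule is a heuristic chosen here, not something the report states.

```python
"""Hunt for the indicators in this sandbox report over constructed Sysmon-style events.

Added example. Log format, process paths and the Run-key heuristic are assumptions;
the C2 hosts, port and hashes come from the report's Malware Config / General sections.
"""
import re

# C2 indicators from the Malware Config section (host -> label)
C2_HOSTS = {
    "77.91.68.18": "amadey 3.87 C2 (/nice/index.php)",
    "77.91.124.73": "redline C2, botnet 'jaja' (port 19071)",
}

# File hashes of the analysed sample from the General section
SAMPLE_SHA256 = "b8401bf0ab39781024ba5a52ac62250aca3c4791687c28fca9d51a6cd76900c0"
SAMPLE_MD5 = "f93567a7ebf798787fad600bdb37fd25"

# Run / RunOnce keys: the "Adds Run key to start application" signature (T1547.001)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Heuristic (assumption): a Run-key write is suspicious when the writing image lives
# in a user-writable location, which is where a dropped EXE ends up.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")


def parse_event(line):
    """Parse one constructed 'key=value|key=value' line into a dict."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def match_event(ev):
    """Return a list of (reason, detail) hits for one parsed event; [] if clean."""
    hits = []
    event_id = ev.get("EventID")
    image = ev.get("Image", "")
    if event_id == "3":  # network connection
        dst = ev.get("DestinationIp", "")
        if dst in C2_HOSTS:
            port = ev.get("DestinationPort", "?")
            hits.append(("c2_contact", f"{image} -> {dst}:{port} [{C2_HOSTS[dst]}]"))
    elif event_id == "13":  # registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target) and image.lower().startswith(USER_WRITABLE_PREFIXES):
            hits.append(("run_key_persistence", f"{image} -> {target}"))
    elif event_id == "1":  # process create; Hashes holds "MD5=..,SHA256=.." per Sysmon
        hashes = ev.get("Hashes", "").lower()
        if SAMPLE_SHA256 in hashes or SAMPLE_MD5 in hashes:
            hits.append(("known_sample_executed", image))
    return hits


def scan(lines):
    """Run every log line through the matchers; returns [(line_no, reason, detail)]."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for reason, detail in match_event(parse_event(line)):
            findings.append((line_no, reason, detail))
    return findings


# Constructed sample telemetry (not from the sandbox run): four hits, two benign lines.
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Users\\user\\Downloads\\b8401bf0ab39781024ba5a52ac62250aca3c4791687c28fca9d51a6cd76900c0.exe"
    "|Hashes=MD5=F93567A7EBF798787FAD600BDB37FD25,SHA256=B8401BF0AB39781024BA5A52AC62250ACA3C4791687C28FCA9D51A6CD76900C0",
    "EventID=13|Image=C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe"
    "|TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped"
    "|Details=C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
    "EventID=3|Image=C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe|DestinationIp=77.91.124.73|DestinationPort=19071",
    "EventID=3|Image=C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe|DestinationIp=77.91.68.18|DestinationPort=80",
    "EventID=3|Image=C:\\Windows\\System32\\svchost.exe|DestinationIp=13.107.4.50|DestinationPort=443",
    "EventID=13|Image=C:\\Program Files\\Vendor\\setup.exe"
    "|TargetObject=HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Vendor|Details=C:\\Program Files\\Vendor\\agent.exe",
]

if __name__ == "__main__":
    for line_no, reason, detail in scan(SAMPLE_LOG):
        print(f"line {line_no}: {reason}: {detail}")
```

On the constructed log the scan reports the sample execution, the Run-key write from the temp directory and both C2 contacts, and stays quiet on the system-process HTTPS connection and the installer writing its own Run key from Program Files. In a real environment the C2 match is the high-confidence part; the Run-key rule is only a triage filter, and the ATT&CK column also lists Windows Service and Scheduled Task/Job persistence, which this example does not cover.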