General
-
Target
x3087097.exe
-
Size
599KB
-
Sample
230828-e7485sfg26
-
MD5
54cb47fc77ced5dcc797890d8f08cf77
-
SHA1
b8bbd7b543fa4a632d7b3aa33bcd99454fede12c
-
SHA256
10685f5f0043d1bf98df9fb79751756983e3756307fe7ba1981be5d68e89cc02
-
SHA512
692e1babe65ce938b495f9d9bfd41a749d3bc31dddbeaa4bd1fc34f82cc55f8e68d1dd6dc56e12a117be0852d3f79c4aeceed625c4e95508d1a91a26221ad481
-
SSDEEP
12288:OMr0y906skwIfZw9ZkdyBakuUs6m0TB/du8LKDs:+yZskrEZwdV60Sas
Malware Config
Extracted
amadey
3.87
77.91.68.18/nice/index.php
Extracted
redline
stas
77.91.124.82:19071
-
auth_value
db6d96c4eade05afc28c31d9ad73a73c
Targets
-
-
Target
x3087097.exe
-
Size
599KB
-
MD5
54cb47fc77ced5dcc797890d8f08cf77
-
SHA1
b8bbd7b543fa4a632d7b3aa33bcd99454fede12c
-
SHA256
10685f5f0043d1bf98df9fb79751756983e3756307fe7ba1981be5d68e89cc02
-
SHA512
692e1babe65ce938b495f9d9bfd41a749d3bc31dddbeaa4bd1fc34f82cc55f8e68d1dd6dc56e12a117be0852d3f79c4aeceed625c4e95508d1a91a26221ad481
-
SSDEEP
12288:OMr0y906skwIfZw9ZkdyBakuUs6m0TB/du8LKDs:+yZskrEZwdV60Sas
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1