General
-
Target
2171246ed3d43574a3f47534ce5b2a4d067f912f5ec4e072ccdb9f127863336e
-
Size
1.4MB
-
Sample
230830-wjas3ahe42
-
MD5
39c1b06bb0144c2858b82f703f9cd7e2
-
SHA1
679eb53ba1adaf6cb3aa4312e3f83a164c4a3860
-
SHA256
2171246ed3d43574a3f47534ce5b2a4d067f912f5ec4e072ccdb9f127863336e
-
SHA512
1a1949c1913a8d4cbba3979e1d02b9909ade120bc32ed41b2384c1635d7c11f44c510b8890c95be894ec3aeda805a25261f3755c48fb0527443eca9c13720fa5
-
SSDEEP
24576:DyW/Hk+zWKB0ArZCEt+FdH5I2tjSeaEsvlfnESZqclpg94xAZR:WuHk+zWKB0ANCEt+F5e2tj4tfnESLlp8
Malware Config
Extracted
amadey
3.87
77.91.68.18/nice/index.php
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
Extracted
redline
sruta
77.91.124.82:19071
-
auth_value
c556edcd49703319eca74247de20c236
Targets
-
-
Target
2171246ed3d43574a3f47534ce5b2a4d067f912f5ec4e072ccdb9f127863336e
-
Size
1.4MB
-
MD5
39c1b06bb0144c2858b82f703f9cd7e2
-
SHA1
679eb53ba1adaf6cb3aa4312e3f83a164c4a3860
-
SHA256
2171246ed3d43574a3f47534ce5b2a4d067f912f5ec4e072ccdb9f127863336e
-
SHA512
1a1949c1913a8d4cbba3979e1d02b9909ade120bc32ed41b2384c1635d7c11f44c510b8890c95be894ec3aeda805a25261f3755c48fb0527443eca9c13720fa5
-
SSDEEP
24576:DyW/Hk+zWKB0ArZCEt+FdH5I2tjSeaEsvlfnESZqclpg94xAZR:WuHk+zWKB0ANCEt+F5e2tj4tfnESLlp8
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-