General

  • Target

    947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff

  • Size

    1.4MB

  • Sample

    230831-yd85sahg2v

  • MD5

    b42867026fc3ac655d89369edd71a7ca

  • SHA1

    cfb3fb8665299ef09cc465ef07e21e5e3296cd52

  • SHA256

    947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff

  • SHA512

    d6571f654fa3434036a5fe2bbaa726acca26983afe526f55ca7f11593769338d9bb82b324c418b42a944f40fe61f4b8ccb9ee1da166010a1e1eabff007c2ee96

  • SSDEEP

    24576:TyCMEf0Og3j3uE2zJMKq6NliIH/Lju8KUxKxycLjhxiE4A2EbTRMH0FXBpW7430s:mC3f0O8jDpKq6Nl7/j0xycXQEbTRMiXx

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Attributes
  • install_dir

    b40d11255d

  • install_file

    saves.exe

  • strings_key

    fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Extracted

Family

redline

Botnet

jang

C2

77.91.124.82:19071

Attributes
  • auth_value

    662102010afcbe9e22b13116b1c1a088

Targets

    • Target

      947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff

    • Size

      1.4MB

    • MD5

      b42867026fc3ac655d89369edd71a7ca

    • SHA1

      cfb3fb8665299ef09cc465ef07e21e5e3296cd52

    • SHA256

      947ef9ca31f3babb84179d3639474ea0ae18278295a70c56c068dcde4232e1ff

    • SHA512

      d6571f654fa3434036a5fe2bbaa726acca26983afe526f55ca7f11593769338d9bb82b324c418b42a944f40fe61f4b8ccb9ee1da166010a1e1eabff007c2ee96

    • SSDEEP

      24576:TyCMEf0Og3j3uE2zJMKq6NliIH/Lju8KUxKxycLjhxiE4A2EbTRMH0FXBpW7430s:mC3f0O8jDpKq6Nl7/j0xycXQEbTRMiXx

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks