General
-
Target
4259340b54755ef00df29e31cf6d05224236e9d7ec211d2ca7bdebdb83e411e1
-
Size
937KB
-
Sample
230903-b4zmpsfh9y
-
MD5
2a0d7e73f1c74880c8b0b3697e4d299c
-
SHA1
d865f6c1c4399df461abd2b8c8e0db86e0dd01d7
-
SHA256
4259340b54755ef00df29e31cf6d05224236e9d7ec211d2ca7bdebdb83e411e1
-
SHA512
c8ad4febc40aea8f7392e95216d41a8c36c28041f4793c3026ebe98c79844e97d57a8d27fcf792bd99093a7d0158dd96269d0846944a6834aaa38e870ed96583
-
SSDEEP
12288:RMrgy90iM0QsoMcKYsmVF9zBiMCcNAaSEGHQI23rLRKKYylvrRlB7xfDalPG2PU6:9yMbKNm1tB5SEWc3rLRllFkPGulp
Malware Config
Extracted
amadey
3.87
77.91.68.18/nice/index.php
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
Extracted
redline
narik
77.91.124.82:19071
-
auth_value
07924f5ef90576eb64faea857b8ba3e5
Targets
-
-
Target
4259340b54755ef00df29e31cf6d05224236e9d7ec211d2ca7bdebdb83e411e1
-
Size
937KB
-
MD5
2a0d7e73f1c74880c8b0b3697e4d299c
-
SHA1
d865f6c1c4399df461abd2b8c8e0db86e0dd01d7
-
SHA256
4259340b54755ef00df29e31cf6d05224236e9d7ec211d2ca7bdebdb83e411e1
-
SHA512
c8ad4febc40aea8f7392e95216d41a8c36c28041f4793c3026ebe98c79844e97d57a8d27fcf792bd99093a7d0158dd96269d0846944a6834aaa38e870ed96583
-
SSDEEP
12288:RMrgy90iM0QsoMcKYsmVF9zBiMCcNAaSEGHQI23rLRKKYylvrRlB7xfDalPG2PU6:9yMbKNm1tB5SEWc3rLRllFkPGulp
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1