General
-
Target
7ef92ac88c81b71b2f95eaad23367589f2451be1fe78ce04ebbb8ca96ad43b24
-
Size
1.0MB
-
Sample
230903-yqerpsbh6w
-
MD5
72d3a2328e718dfb0c2a9f15e7d7cf87
-
SHA1
caa323f32e0d9a04d49e2c05bd7aa9c6239d07d6
-
SHA256
7ef92ac88c81b71b2f95eaad23367589f2451be1fe78ce04ebbb8ca96ad43b24
-
SHA512
0d46b347477e2d9fe43e427ce17b4a2c9455c4538d850b47aa75d86b71927f88a8e3a463156cf33c5fd601446574c2591b023e6488f9f8434018a0a29f593712
-
SSDEEP
24576:vyWEGvsqOYMwSH46xpcqnoD+9onL2KDkD+NMcfRx:6WEGvsRbH4acq02KDkD+ac5
Malware Config
Extracted
amadey
3.87
77.91.68.18/nice/index.php
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
Extracted
redline
gena
77.91.124.82:19071
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Targets
-
-
Target
7ef92ac88c81b71b2f95eaad23367589f2451be1fe78ce04ebbb8ca96ad43b24
-
Size
1.0MB
-
MD5
72d3a2328e718dfb0c2a9f15e7d7cf87
-
SHA1
caa323f32e0d9a04d49e2c05bd7aa9c6239d07d6
-
SHA256
7ef92ac88c81b71b2f95eaad23367589f2451be1fe78ce04ebbb8ca96ad43b24
-
SHA512
0d46b347477e2d9fe43e427ce17b4a2c9455c4538d850b47aa75d86b71927f88a8e3a463156cf33c5fd601446574c2591b023e6488f9f8434018a0a29f593712
-
SSDEEP
24576:vyWEGvsqOYMwSH46xpcqnoD+9onL2KDkD+NMcfRx:6WEGvsRbH4acq02KDkD+ac5
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1