General

  • Target

    1099cec3fdcb3e4b1e4c7c2350c146f6f715e25bdecbe02fea6cbdb9fc0cc1ac

  • Size

    1.1MB

  • Sample

    240428-xbsjkseb24

  • MD5

    e9b3ad4220c1429358929ea6f13c3223

  • SHA1

    90f1105052ce197fd93fa9228be278d6be1873ac

  • SHA256

    1099cec3fdcb3e4b1e4c7c2350c146f6f715e25bdecbe02fea6cbdb9fc0cc1ac

  • SHA512

    0e6048f609a4a634e4ade6b0ac4eae94ff08025989bcad7aacd10485a4860190cd492889d70c3083acec25f400203e3bb3d8b885d8e835bfcee54e839c7e3466

  • SSDEEP

    24576:yy9UPkRa6jJatWFGggibBSvpYxAyJxj1GuFCmrPzA37:Z6T6datLokvpYxAM1GuAmD

Malware Config

Extracted

Family

amadey

Version

3.80

C2

http://193.3.19.154

Attributes

  • install_dir

    cb7ae701b3

  • install_file

    oneetx.exe

  • strings_key

    23b27c80db2465a8e1dc15491b69b82f

  • url_paths

    /store/games/index.php

  • rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect ZGRat V1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Detects executables packed with ConfuserEx Mod

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks