General
-
Target
red.zip
-
Size
9.7MB
-
Sample
240509-rtms6aed2s
-
MD5
f0f1821c3c86679ab661f3e696cd5ebe
-
SHA1
c57a6fb5c371c97fcf1600b7e2edac46cfcabdfb
-
SHA256
d3b7e5cbe2980cd2fb6f7f30eaade26a956ec4a02e71ed37c80b263166b40ef2
-
SHA512
a915a2f5263258ac6a01ec43c9b31608247f8ed54aa0a0039ea26dc00b296926fbbc141a6c216ebac778f4eb6b5f556842a159e588fdd05547816a3cf5222e72
-
SSDEEP
196608:RKqUhbQHxUgkXZTZblEaQwyY8ruuITpZWDOrj0boChNnPHCJ8nDCkuGczw:cNGrkXR9lVzyYWi+OrpsPHCKnDSlw
Malware Config
Extracted
amadey
3.86
http://77.91.68.61
http://5.42.92.67
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
roma
77.91.68.56:19071
-
auth_value
f099c2cf92834dbc554a94e1456cf576
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
papik
77.91.124.156:19071
-
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
Extracted
redline
kira
77.91.68.48:19071
-
auth_value
1677a40fd8997eb89377e1681911e9c6
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
lumma
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Targets
-
-
Target
35c135016a0f649443e821c488d88916ba73f8c81eba1b57cf92cbafb9cd49ef
-
Size
389KB
-
MD5
0ac02c9b8e6f19479620f7e59186e60f
-
SHA1
bbc977716a369583ff74aef66e2048e35f319855
-
SHA256
35c135016a0f649443e821c488d88916ba73f8c81eba1b57cf92cbafb9cd49ef
-
SHA512
f28176a1589d2ea1e835f169d1dff4de2dcf54d2974c32528d61e89ce5209839efb7208ea346cefff1c2197212692ddbbc8352c7bec0b8b4dae0d454d3a6bbed
-
SSDEEP
6144:Kuy+bnr+0p0yN90QEedTBA8dQIkZMXbdJ+VAwNaGiIy4domfZ6YV:eMrQy90iYVMXbhcplTV
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3ab23a30366cb3cfeded88ccba1999ff26ead2bcde69af9aad7e2ed1fa054cc6
-
Size
857KB
-
MD5
0f0d0b0d1763725ce36c1c1db736fc8e
-
SHA1
3a5d36a40ae2f0aa832b88db12e8080f83b8503d
-
SHA256
3ab23a30366cb3cfeded88ccba1999ff26ead2bcde69af9aad7e2ed1fa054cc6
-
SHA512
224c93c379f47a4b1886478c26427daab891b4cdbbacf2dbdce454a8d3acc1c16eda545ff2381cbfe0fb872fe670060471f346986f7fc6ae4007039531322f5d
-
SSDEEP
24576:nyD97B7U1CjyvR3id1Z0Fr4m5lO5x99+wfCbnBYsVj:yDaCjcipq5lO5X9+wqbGK
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
3b8cd7306bcee474040656c20f071e99345caea6d53f3bae9bb55dfbe680b571
-
Size
514KB
-
MD5
0c314c3384c85c50e9da541ac5b0893f
-
SHA1
efd1f83a21c41e8a55d9a13e4ed57ea2a7cb7d9a
-
SHA256
3b8cd7306bcee474040656c20f071e99345caea6d53f3bae9bb55dfbe680b571
-
SHA512
70e9b01358106c18fb9553957838b26dbe75e914dd84e062c77ceb7b35820d32e5a3f1be000eeb86a91c432774de8c99ff13a2c77b4ac788ab7c2a978ebe935f
-
SSDEEP
12288:mMrXy90Wc0SidpHIxieOutu7FyVekPhbiAMd1Juj:5yXc9idN5eOuc72vbi9d1Ja
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3ea65c50a29c3ae43f9bd78041b110785429a768b3e006da768baaf12f327b63
-
Size
1.2MB
-
MD5
0edc62a65d1081dc5d7b85b678ab57a5
-
SHA1
1e1448bcce4f519920f50e12cbe27b79418036b3
-
SHA256
3ea65c50a29c3ae43f9bd78041b110785429a768b3e006da768baaf12f327b63
-
SHA512
4ab96c86203104d741c166f1980b04a5e74c1e294b676c4dccaee9eca5308ea729099d7dbfea605b5037181c57c4f870fe0b3ff5008b4f8b2b60ed0f95cc1db2
-
SSDEEP
24576:0g16H28pon7yhsS6RUOviFG7IrCJ366q1FP3fkTV:0O0on7yhsS6RUFUDRVskTV
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
51c9916d6f5b5ac66aa9b7e4343b3d5a2fa54d57996f9b7bb0d4b18987afd8bf
-
Size
642KB
-
MD5
0bc5faf0e7fdbd7657e543edd6737f85
-
SHA1
10b8a75b664245ec610d52ff93e6018790e0f029
-
SHA256
51c9916d6f5b5ac66aa9b7e4343b3d5a2fa54d57996f9b7bb0d4b18987afd8bf
-
SHA512
44a5669177dc9edc2996016254f48b35252e5bcfbc513cbd85cd7405f03d78ec2f86d28071353ffb6cf6ae5411e4e1f5252c2ef4f9d785d867dfb9b88751beee
-
SSDEEP
12288:0Mrjy90oZo0FV0/keZ9Ni15Iv6aCt3JV7i9wQE4Ytm4Nqz/EjCPyZ:HytFjs9NiOCI+Qotm4NAdPG
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
53cf9b6e163fb85f7a2983777330f4b842b13db5809af32dc4a7847702037208
-
Size
390KB
-
MD5
0b1ce353968b0c3b2460ee1c970494bf
-
SHA1
0ad9526a8fd38865222352522661dda4646a7c3f
-
SHA256
53cf9b6e163fb85f7a2983777330f4b842b13db5809af32dc4a7847702037208
-
SHA512
7700968aed5a72650e592ec32e4bbb66bf6a96999b5b1f4844b6845e8ace895ab8a42a6548075ba1755831958be4baaaf2b35824a134cc74e90b3e6f47cb17cf
-
SSDEEP
6144:KZy+bnr+fp0yN90QEMhQGyF4t+9hRuXhVZzbqQvNU0ngBZ+t4yD/FJgvCuMd4f:bMrHy90Shfo3uXhbbqa3gBYCyDtuMq
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
64792ffeeccbab6bb3d100eb7b35cb61c8c90b802e42d83350baf6d1ceefbb35
-
Size
390KB
-
MD5
0f8598fb85f2093ef6d50320bb154ef9
-
SHA1
2c59e4a20dfbf7509be558e6d23a13b885643055
-
SHA256
64792ffeeccbab6bb3d100eb7b35cb61c8c90b802e42d83350baf6d1ceefbb35
-
SHA512
4f02ce78063742780afd98688b40d764f5d27b5cc3877c13ab3a616a2d2b92fbbd800bb64548d43f7b58970cbce83143fb75ba2682c2de3bfaa0db19a9c28b75
-
SSDEEP
6144:K7y+bnr+mp0yN90QEkE/euW+jgZlHyZgSKaFSJV1MA3lm7ZP1bj40:NMriy90GxufjgvyZtKOSJxabj5
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
71d1420ff1b7b7e37d536b943d3ba7e0a2fa5972fce4156cbbc73c7416d49d80
-
Size
390KB
-
MD5
0f6e9123147c19f2467905401e618e1b
-
SHA1
917abbb6f211d4a7662c8f05947e799452691601
-
SHA256
71d1420ff1b7b7e37d536b943d3ba7e0a2fa5972fce4156cbbc73c7416d49d80
-
SHA512
151241129262e3de028e744556aa0ae408c5b469996892abd32ddd41dc86bc2a0e496e4bf2ed07c6a8cadff7643e3f0bc9b501eff36dd2b4a90b7ffef1e67e1f
-
SSDEEP
6144:Kvy+bnr+Kp0yN90QEH1EEZn+h2FJ3GVHY+M0NoAsjLSTJHAcihT9/2U8sC2dQ:RMruy90cETW4YdJHnihTcU9BdQ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
7a08e2a624c497b3986fed503c84dd39612ab1fdda740280e5a1514c1aac802b
-
Size
514KB
-
MD5
0fa62ebed394e0d1ca75a047dfcd8883
-
SHA1
c320dd1803bf38cd5822882b9c3aed0c0d2df000
-
SHA256
7a08e2a624c497b3986fed503c84dd39612ab1fdda740280e5a1514c1aac802b
-
SHA512
d36d9c9ce7042ca5942ec1a762e109c21a717057b6895b8d1b74892c6b08ff7b017c7142012685eb2112ac6800344910e8f2086980887641717db5a20fb437da
-
SSDEEP
12288:VMrNy90LyyzBA8YCgPxn4VxjSadSX9zheZnSW:cykXgPaSadSX9tmnSW
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
7dbf05d83f893a3fd85e266599155069e13d532333012d62fa0a41a625878965
-
Size
1.2MB
-
MD5
0ebc98820c6a15e86629ecbf82323a08
-
SHA1
2e443367c537780f39c92d70903bc500876b8f52
-
SHA256
7dbf05d83f893a3fd85e266599155069e13d532333012d62fa0a41a625878965
-
SHA512
8c0d1786416a52444f8920db9ed9900dd902c388519dc9045601f599308adae01cf7592b2dfe81119bcc992b2dae432c6e6df26d6ec739a3a9e3d1d836503b4b
-
SSDEEP
12288:GWbqxxv297HF1HLZVrS5WPMkD+gaxMaRnoN7vhkmUuGZaU0M9cmyel8ePTtYOJeY:Vbqx5297HFpZVrMWP3DpaS1bUZjPSO
Score10/10-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
7f80787d38486459a9c104bc8c42dd78c68e0e27411be54897379c415c7c73fd
-
Size
690KB
-
MD5
0c87128b0af187a9fe71653d1a0e5263
-
SHA1
001166bb1806c1063c1c1cea0ef6098514871057
-
SHA256
7f80787d38486459a9c104bc8c42dd78c68e0e27411be54897379c415c7c73fd
-
SHA512
e276d4155b9d5d0a68c5474f756eef46abf49adeb78ef13f3d70c5c7da785f000c7c55044641e2c6f09a7b2af2f96d60d4f9c0889de4143af59f92779e8696ba
-
SSDEEP
12288:XMrUy90DLtlNOkp0zgKrIv1HTh3K43YALqOoTgBetsh0T7YU1+iiWW1kfd:ryQNeg2oph0AmOoEBeGhVyEM
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9176ff0f1ca08377671891eab2e7fd1bad29e129985b386e1486b543767b2721
-
Size
359KB
-
MD5
0deb769fd0074adcbd5a49ec72fabfb3
-
SHA1
a4653cdcb6a68d1f247079b6357d03d5c7950bb3
-
SHA256
9176ff0f1ca08377671891eab2e7fd1bad29e129985b386e1486b543767b2721
-
SHA512
3de0a84ed28f1d86273fa5a82ba464e4c4c023d334fdf2a22bd21922e1083b8877827adfea963e772e58c268f88632ce513c6d7881ac71f1b478fb3df530b907
-
SSDEEP
6144:Kny+bnr+sp0yN90QETqTMCUajkkQ4sdeBCwcVPCJHNmPm3b23q:9Mr8y905qo8AgsqcV6Jmmp
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
babd836631e288a3898e6b871ded792269de5c0014085887296a642d03a14d1d
-
Size
514KB
-
MD5
0ac62c0d23be9b2b0411eaacea43446d
-
SHA1
bcdb0f062db7feee2ade7f8b39e456b1e8484ef1
-
SHA256
babd836631e288a3898e6b871ded792269de5c0014085887296a642d03a14d1d
-
SHA512
4d4fe35e5af3fb310430534c51e23c045f5179c4bc0a265923847ddae2f668c1b2f7b5a78b8f0cb420d07519b47356fd9eb79d6f9f2251fe7ef79045237be0db
-
SSDEEP
12288:hMrry90Ur1Cc6vD8ZF1dRzBzgsGC9CaRcEixn55HgC:WyRscyPsWn/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
cbd8058875fbf90f6f6a3c6825fab01a2bac4ffb1903f2a0405d451060ea1a48
-
Size
983KB
-
MD5
0f5dcf244539e44929a29fdc2bee6cf0
-
SHA1
d12c4a1527a6910e0f45e5d61c3f0f027cd65892
-
SHA256
cbd8058875fbf90f6f6a3c6825fab01a2bac4ffb1903f2a0405d451060ea1a48
-
SHA512
34b382df4ab8246c87c8a49acf7f37b33ed252c75b94fe47db7699ad20906abbd42b58ce953a5547da064b5fe93c38eab8d64299f85f99706cb8154af039a0fa
-
SSDEEP
12288:dN53wXdk+4w8ea9YVhYu48bkEXjTvrVbJWekouloWnxfKuXl/DeeQA:dN5edk+4wv+YVhYu4rCTvhFanR3XlCm
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
d134576ca7416e71db7bd5aad43296de284dd20154fd0784d9bf45d27603fc48
-
Size
390KB
-
MD5
0ee61794cf7e5502cf233be168d461d4
-
SHA1
eaaa82aad6309480ea83e8ce6bc8ce19f52e3bbd
-
SHA256
d134576ca7416e71db7bd5aad43296de284dd20154fd0784d9bf45d27603fc48
-
SHA512
4dcf9ede6cdde27077aabcff5f8085d86691d8d76bb4166e741d0c5ad70fffbeb4dfd3fb8b9e4a57b859de70e3b6148b508920a229ed726e2b595a7e1f334575
-
SSDEEP
6144:K4y+bnr+Mp0yN90QEQw4t9gTwevTqZFJTTSCDW7fqgfjr7f:oMrsy90z4t96TqrJzD49rD
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
da09729d570cd93ed61c515d8407a5f4b201aca65e870a52b3082a39645d32e8
-
Size
517KB
-
MD5
0a0496a64597ed2a279826f1f99e8b80
-
SHA1
a56286aca00d98cc6dd17e0a0ca0776d270f6934
-
SHA256
da09729d570cd93ed61c515d8407a5f4b201aca65e870a52b3082a39645d32e8
-
SHA512
f6d434ff7fe88438c872da5c09771f2bc4c3d6dfa3027cdeea95f5b357fe722bc9c197921ee929bb21651e3678dc30c606c5474ae3571178ea9613f3abf64e4b
-
SSDEEP
12288:XMrny90SGsys5qsuyfEBsRv9isNkG+Oce:Yy99XuysQjuFOce
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
dcfab037f7269dd60bc810f260b86d7331030c746f879fa94f4b6bf922ae96a0
-
Size
390KB
-
MD5
0a95874b2a8162c0b6b4ce17301f8305
-
SHA1
382fba3d10bfb1ee65a9392c0927aadccedf51f1
-
SHA256
dcfab037f7269dd60bc810f260b86d7331030c746f879fa94f4b6bf922ae96a0
-
SHA512
448a75c424f9d1b068a2df1df6a70ecc1a87bf34109e3c4ba977180344564e96aa9c542e9ed2fb1408944b28f71f99cd001ea5e3ca5a28ecbe53f02e88b3c59b
-
SSDEEP
6144:K6y+bnr+2p0yN90QE+kwYCLqDGN01RODsqLf1LLPZfJHw9CcHnlRHYX34gba/:iMrmy90bewGNGROfL1LLpJHtcHnl9C2
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
eca60134d922b4bca2cb5060841b6d45581f33e04f763a9c118fc9f22e289e3f
-
Size
856KB
-
MD5
102cc57cf59a9b99f5615c58ba8ae4a2
-
SHA1
0e92c89813cae891a354a5feea121b2aad6d77ab
-
SHA256
eca60134d922b4bca2cb5060841b6d45581f33e04f763a9c118fc9f22e289e3f
-
SHA512
7d1cab053e2b8aa3b66f866f3beff4241c85fc9d17ee6b1f7b8b1c6964b7aca133cf2ae080feb91e0b82f304d45f2556d88e072274bf17bb7cc479d3744c2409
-
SSDEEP
12288:6MrMy90GsPfX7+uwEvNGQdJ6HpKFKeVNxsZMQDkbQFUoSCfd07Cw:+yqL+ubvUQyHkFKaxsZZugRw
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
f16db96028a7afeb1141a5506032310d36b0354cd63f796d585fdd9cd3b2c8f1
-
Size
920KB
-
MD5
0bba6c5a8b9979a2241f1450ba08acac
-
SHA1
823b3a858ce440a6b30ca707db2a28ef5596fdff
-
SHA256
f16db96028a7afeb1141a5506032310d36b0354cd63f796d585fdd9cd3b2c8f1
-
SHA512
8d23fc817ef2cb576610036221c22b4b7ab5697dad617de7bc6f656619e9764f9f126db0e02a2a79d7a55d2bdcca68477f77660d789d9676d7750aaa0692167c
-
SSDEEP
12288:+Mr9y90+HbQau2ZVqMaLa1SZpRgJf+X+dPWgI8Fitq2UudtD79LEN6nt1S:7ydcoVY8SZp6JfRPHvFujZwN6na
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
f5957f382ef0f17bbf1d83cc0b5d4f133ae56c9c5a3101548b66b2462dbe9b6a
-
Size
390KB
-
MD5
0eb1fbc2d5ee4ff34ade8b4c2253e955
-
SHA1
ab76633544a01eea4234f73c227c439ca8749eee
-
SHA256
f5957f382ef0f17bbf1d83cc0b5d4f133ae56c9c5a3101548b66b2462dbe9b6a
-
SHA512
f0548458151c70d6abdda3e15d88c3dc5acc3cc3bbc10d0c2168a9166895217541a125f31d4810ed27e270199b1834330b8e7f0d2d5896300c10dd4b742d23c7
-
SSDEEP
6144:K6y+bnr+vp0yN90QEXDpy8+SzJ8b9UVB4pAj03UzOPE5iVWhM0ZihJ115sS:WMr7y909fb8b2bBQUcsiiM6uJ1/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
15Windows Service
15Boot or Logon Autostart Execution
17Registry Run Keys / Startup Folder
17Scheduled Task/Job
13Privilege Escalation
Create or Modify System Process
15Windows Service
15Boot or Logon Autostart Execution
17Registry Run Keys / Startup Folder
17Scheduled Task/Job
13