General
-
Target
red.zip
-
Size
9.9MB
-
Sample
240509-w3lpnsgc8z
-
MD5
09b2fd8ab8bb7b21d19e8b0d66b0a6e3
-
SHA1
00619075f6f627abd500cf464e09df5432c0e6b3
-
SHA256
e22a5cadeacc1a9d95354d85bdc17f6ab2dc5d23efe7df6d3d4683fb7b881a52
-
SHA512
c50ad05f5e92f0f7435f46bfa0133064c09f8b35620088a7a20ff51a0aec0abed16109934b23bfc0ffa88d18aa9008203710cef43d3bb8492bc453ebb1b99acb
-
SSDEEP
196608:1m4iK4GFiRjG/y3yqo9i1ZvK/mKdLeNmzDnEFZr+uy5zhIyIk9AoowGThoZ6f:oHDECE+K/nCdIv1eQ9DZI
Malware Config
Extracted
amadey
3.86
http://77.91.68.61
http://5.42.92.67
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
lumma
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
5637482599
https://pastebin.com/raw/NgsUAPya
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
redline
papik
77.91.124.156:19071
-
auth_value
325a615d8be5db8e2f7a4c2448fdac3a
Extracted
redline
roma
77.91.68.56:19071
-
auth_value
f099c2cf92834dbc554a94e1456cf576
Targets
-
-
Target
05a0748d48b19e76e2ac6f6c7a81179bc89e5adf95615c3d3417fc86f39342c0
-
Size
296KB
-
MD5
1e1c1e0154da443ce8e83086f29a5838
-
SHA1
5be703f641f5a4bfbf54799747840cd570cd5046
-
SHA256
05a0748d48b19e76e2ac6f6c7a81179bc89e5adf95615c3d3417fc86f39342c0
-
SHA512
df9f5d25b6f7934c8994379cee15ec7b44abaef51823a3abe5499ce1cab047a5a17b4384b7fe1c9edbd09bd1279a71762da95881b3e789942d992acb99bc89e6
-
SSDEEP
6144:xq8jJ6IyLKHndgbV2NNXFZ4Cy12Cao91fNnWs70W5I2vCoCe:k8jJ6xENrZNy12Cn91FnWJoCe
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
16b83c892688e1869a75fcf88075e1a7a0983c284c41a7ff721e23cb6b9c9f86
-
Size
389KB
-
MD5
1e6d0394a9335f03d83a7f498df12ec8
-
SHA1
aa25774159336873d0799b11546d7cec88ebca87
-
SHA256
16b83c892688e1869a75fcf88075e1a7a0983c284c41a7ff721e23cb6b9c9f86
-
SHA512
4bb7c4a3706e4056f6cc38e46dafab8e6bd463a148d5bc46197f7957f750d51c6d98903eeebe5b560283d1e15536bebad88c364e3776d5b804d99f36b8a17393
-
SSDEEP
6144:Kqy+bnr+gp0yN90QE+rBmAS9kW2PZNK9zG1evw+IsQnjCgK83sE6ZnRC7D4I/FWB:uMrIy90wsAS/kBQk6o7D4I6d
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
1e756c3dd2f7e40b65e81817bfdb8988cb9c718ec0f522915ca3dcd647e2f017
-
Size
389KB
-
MD5
4b1795960e7d4aa085834c9a2670aae3
-
SHA1
4cccc41189287ac70bdd813b9c65d539b98a22f4
-
SHA256
1e756c3dd2f7e40b65e81817bfdb8988cb9c718ec0f522915ca3dcd647e2f017
-
SHA512
db3ad4c6a638fe81b8f9d5a0084ab290ee393c73b0d2a31c8302a166cbeb9b6fd834eec77fa9a2b029440cd0f00aa8eb09e0e64a612865fef35a7137e20a68b7
-
SSDEEP
12288:gMrIy90VK1uWtbK9LuUnVQR5Nj9zx3If:4y4ktSLFVQjvu
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2d35abe32aaee5617d43bf1fd2ace13b082a8d22878b2f5ae8136ab65d54742d
-
Size
923KB
-
MD5
1e4d6f387b6127e8e81f9d87c54ab03d
-
SHA1
aaece8294c60dcb0dffa5666c5562dfd1c625d14
-
SHA256
2d35abe32aaee5617d43bf1fd2ace13b082a8d22878b2f5ae8136ab65d54742d
-
SHA512
d462602dbeca21d8aa4b724aa55d44a13a233f651d97894beff0c2f343ec9d1f4d4a13231d7d0ba5e50670aa2cc9df32b812036b50ee6446ffdd926665f62f44
-
SSDEEP
24576:HychlJu+Eka3nZgkWIRqu1ooxDHWC77/UXuE:SchlJha3KkWgH17xDHW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3754d1115a8a0a19cc2164cd88182e48f6c2435bfbbcd6af4c63cc5dc0d61e68
-
Size
390KB
-
MD5
4b24ecf2b34c4c389446939c060ddde8
-
SHA1
0623f7a45306d3849c5045acdac3dbac60039df9
-
SHA256
3754d1115a8a0a19cc2164cd88182e48f6c2435bfbbcd6af4c63cc5dc0d61e68
-
SHA512
2ca6237a5fb45a2f338daacc8309f59df8f7c92f679f40ab96f970509878587dc0ec1537e3bb3dbb4ede5826d47daa5787e019cd50bc4543ba6574b53ac73d93
-
SSDEEP
6144:Kgy+bnr+Pp0yN90QEKOK9pK9K6wWp+BnuyjamdLXs7IgmVK3CcHnlRHm8TttASdt:YMrvy90y3K9FYVdDmycHnl9rsSdt
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
489287cb76171eb013ef8276977586b53061bbfae58f0a22402bd5aa83ff8d28
-
Size
515KB
-
MD5
48d8dd6d47882bd5e0431a0cf6d1a552
-
SHA1
47b7610f1443096d9d442b5d8bce9054c8d529c1
-
SHA256
489287cb76171eb013ef8276977586b53061bbfae58f0a22402bd5aa83ff8d28
-
SHA512
721d7ec4e09ba8f857ce39e3509f688216f5dac18c3e5aaa215633492e04a40b8e9c569ddec5fbaf8b020ae50357990a5336fda52e6dced6437b02502a559708
-
SSDEEP
12288:QMr9y90kVhlZSFHR0jsIpCE5NLNbPbE5uhI7tibmQmYoL:9yTZ60BpCEMuqJ+mEoL
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
4a64601cda22ee78c5a65b16c6140cd47a27949c9b5b09685526fa936b55c3bb
-
Size
390KB
-
MD5
476312e3c4f36a6599bf9978e6d605a0
-
SHA1
ee25d5db5694aadc3a9efaa67fae8a8dcaf56629
-
SHA256
4a64601cda22ee78c5a65b16c6140cd47a27949c9b5b09685526fa936b55c3bb
-
SHA512
2b671eef423f5502edfa8ebda69b3c696bcd9126b97b9a5e0b130e488ced8bf8ef4d47ab9a4d2f940e1c5c44c3246e4dfddd187d98382c2c653a09270c5e44dc
-
SSDEEP
6144:KEy+bnr+bp0yN90QE8QNSryj31/wS5QRv4ZuHAQ3ojb0uDeP9VFh/5OqN6McLO:YMrTy90aQNS+j31vAKR0GzeTFhEqOO
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
4f57ecadcb01211787f5486a7230a8018a0f8a85dfe1ad7b633beb40126c1c56
-
Size
390KB
-
MD5
482b5b5074e9a4dd3dd618255f853f73
-
SHA1
a65442b85c5fac2fe3cb9b5af4ce4bf6238dd1e4
-
SHA256
4f57ecadcb01211787f5486a7230a8018a0f8a85dfe1ad7b633beb40126c1c56
-
SHA512
f8f6d4aa321abaae7e1ef37c03ef3df6b083ec13581328ca73a97022b4e39763102e8b5926b0a105135c6319327213e6a803b0042372bf8beb1d7d3ce83b0ddd
-
SSDEEP
12288:GMrZy90aJyyFZrk62AYWbT4bPwnzmfhx:XyvpTrn0ba6
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
678b5c88fa07f2f823b7edf52683e4214bda0273e380b7a5d2d8c4b6bac35f33
-
Size
514KB
-
MD5
1e6d11e2a9a40c2d205a289ef607ae24
-
SHA1
f26f81b52bed31e6603334652139784d0a8bfaac
-
SHA256
678b5c88fa07f2f823b7edf52683e4214bda0273e380b7a5d2d8c4b6bac35f33
-
SHA512
be2d827e7ad204b3b92c2c83f67a02e62cf4748c6b322493db36b282374d2c53aeb774a6a0f1eb465215e8ce6f956f6ee9f437da9606c8bf1dfc47a036b43d72
-
SSDEEP
12288:aMray90Q3D/EZvDisHKwoWljc/MistLDMn2OxRfsfO0lNKc:AyfEyMY/MiKLDqHRfsfO8Nn
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6ade339142b77016063402bfde9702b7b9bb644452bae38929035daf779beae8
-
Size
1.2MB
-
MD5
49653516356b84287648a3fbb3681ef3
-
SHA1
18d25bf8c3f6c8557d87966f8ea39c8f05f9f875
-
SHA256
6ade339142b77016063402bfde9702b7b9bb644452bae38929035daf779beae8
-
SHA512
87d1127a9caa03f72f3c4b7f6215651e618cd2bad0c46100a5a5c921170d8fd5ba8dae53918efd18de3a8a305c95280b3558ac9d32081f33146e973104cdfc5a
-
SSDEEP
24576:UfBNveElInZKRPgiGiJvvTd1Y/ikf9PvXkfICSTxnO36c:UJ5InZKRPgiGi5YFBPGIjOh
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
6e1ca7d8d7a0c42eccbd5723dfdd5c856c5bb683313ec6d6d042d9ba90afced7
-
Size
390KB
-
MD5
1f1dfc733bf06bfb281880445b8e8507
-
SHA1
f386c9d5de54b5f5e8d5c30432813b6bd5f5167c
-
SHA256
6e1ca7d8d7a0c42eccbd5723dfdd5c856c5bb683313ec6d6d042d9ba90afced7
-
SHA512
8db0b8713009de6accd81b6e61ffb8f1c667dbadf83e8e5cdfe65e234071ee92ddd334e32eaa6871feca7ce4d3651d95d49c7d2e24d8c9f3d2b49a1ddd54864e
-
SSDEEP
6144:Kdy+bnr+Op0yN90QEuUW3eVlNDncJAfIjLX8eunbs4eFmWQN4BlZlNwHixfT4Z:vMrSy90sU+e9o6feXBudNAlZleHjZ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
7a398dd87e73b31bd02e99eea6ac42ac6c884f0fed02dcf0a0a2184a33913555
-
Size
921KB
-
MD5
21150b773bfe5ce3cb16ea03e18d03e0
-
SHA1
4b374d61fa92d29f777a82c7a42d558c697f1a44
-
SHA256
7a398dd87e73b31bd02e99eea6ac42ac6c884f0fed02dcf0a0a2184a33913555
-
SHA512
20bf20fd9c3de71ba4fe46d2b31b5169c6268de44a9e3fa96711c0d93f335a583d836935aafb49efade44e7c1a7587c544af3fc5511123aa6115cbec7d6f1d97
-
SSDEEP
24576:CyFllbMVwT/Q0K3wHNpWhHUZn7CEYfbu:p3lbMVwTIENpYHInXq
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
806347c33e4007046137819a7a108692563d6b877051ff1016faf9a47ec660f1
-
Size
390KB
-
MD5
1d9f3ea52a8b89b8ccfb9d703c7d33c5
-
SHA1
264636a7d26ccf2c82fd20d0f5917353815c85e1
-
SHA256
806347c33e4007046137819a7a108692563d6b877051ff1016faf9a47ec660f1
-
SHA512
18d7abf42981ab696358da845979498007e4afe62c9649f761799512fee89fdd5bb990f893b10df4599a1bd0ef357c1f5fde634205eced29e3548f1ae2bb301b
-
SSDEEP
12288:kMrty900kaBTs4vnRH/sQpYD7cHnl9K+Nlj:Jydka535H/srDIHG+/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
853890cb435781965f3dc9618397058d03c8d3e59706ede7d308b4afe12cbe68
-
Size
514KB
-
MD5
1e403ea018e300ab5fa01dc6722fd8a6
-
SHA1
b84fea8ce4026eb79d8048b8c2af1d21ecf1364c
-
SHA256
853890cb435781965f3dc9618397058d03c8d3e59706ede7d308b4afe12cbe68
-
SHA512
51c703ee4d4c66c3c94d54f96691490b9dddd2260472b48f728f09712b081726e60bc6e1a1df1fe4306b99ab594065512bbce2f44587be7a7461a53dd7c6e244
-
SSDEEP
12288:fMrdy90UdEtCZ8v/PXBqYmXzGNmIubtV4xM6ijMEV:yy7ut3nx0XKNmIucBEV
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
85f2f1ff9ebbc00b11310cb6b89768dcf0eb2032b0a64810fc24c9ec9b4a6804
-
Size
390KB
-
MD5
1e53bac92881f6e30ffce45296b9ea22
-
SHA1
5d52caa9d36a551471b4a3de70cf6fda53dfc62b
-
SHA256
85f2f1ff9ebbc00b11310cb6b89768dcf0eb2032b0a64810fc24c9ec9b4a6804
-
SHA512
e9c69a4b639aea6121f4c4d3701baed30413672a38ac918975f62eee8cff82a5f21fd44b6a7d0ef8f03bd6f63e8adabfdd6008250cf4fe8ddeb28e9af1ac1d86
-
SSDEEP
12288:6MrZy90LWdxWlYoK4/FZDp0gBYCux13lmaj:DyUWd8lYZA7pbzMYaj
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
8ea62cf58512d2544c0f66fbf28e12c7a8344d4a08e8256c968a35de58ccc513
-
Size
498KB
-
MD5
4bcbf97b45320fd1995037b5c2fda8ba
-
SHA1
e5d82af83ef9875c435942d34f79d92a62a65672
-
SHA256
8ea62cf58512d2544c0f66fbf28e12c7a8344d4a08e8256c968a35de58ccc513
-
SHA512
c4ae95de3e086442b19c01b18cb8e9ee12aecff5f2a2f3b96c55f1d95ebe871967f7445e364078209d3a0947805aea492459d2586bf9ab453e11d0cc90f76f26
-
SSDEEP
12288:p9I+5gSN27L4AhsAXjl7p8d0oDrVR583JNPamoCe:I+5/NQx2YRpfoNiJNSPR
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
af1379c2cbc8abd767e205c1b0a8be9e9c8b5765083700eb3fd2313bf3a76e5d
-
Size
389KB
-
MD5
49c96deef87570c04d31914e09ff63be
-
SHA1
3a4e4c8a5173863f6845b3234f9f9e6bc31fdaae
-
SHA256
af1379c2cbc8abd767e205c1b0a8be9e9c8b5765083700eb3fd2313bf3a76e5d
-
SHA512
7a717c5b6cf12cdb56f4f933216cef0e7241003d140b35fe9ba7e7bbb5cdfc0445545e7840f943b01a5e38c009b4fc9ed2f71c5e4854e699c91f2c97643c6327
-
SSDEEP
12288:5MrWy90azBG2m2bq0htHmjM7gBYCQAljb:Dyu2bq0jHmZzXX
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b22005984d343fd352d0b9067646db68950aebfa2c1e0d33b05276c602f98e40
-
Size
390KB
-
MD5
1df02e7a8bd92fc60d7803261f145a79
-
SHA1
c39335bcc97c8ffce40bab53e10054d8f00beb7e
-
SHA256
b22005984d343fd352d0b9067646db68950aebfa2c1e0d33b05276c602f98e40
-
SHA512
72fd0e718691a85b4a7fa73b58f1580efbc5a3416075065955ef266138c1a45427e8ea2d62555e16af7f4b1e6c8e82ae898a2ece8a01f4a91d4296818a94694e
-
SSDEEP
6144:KSy+bnr+dp0yN90QEvcRplPxPItIu+sFW5YVtPgCrSJqO9bBHka:SMrRy90KRplZUwUkIa
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
b567e2a99fadbe5df72750afd38b655036141fe91ab1982084901d6855e1c6c5
-
Size
1.7MB
-
MD5
48726ab44afa6b367798416a0a9ad7fd
-
SHA1
ce93701961e083eb42672752ee274a00a3e1a658
-
SHA256
b567e2a99fadbe5df72750afd38b655036141fe91ab1982084901d6855e1c6c5
-
SHA512
03e8402e4f774dab2157c12264d157bac559a6f259d146b8bfd0592c880308607995e2bf7b53c5e61d1f9ad556601edc9d2b9b1bc9d833a101329c89cd9b8c42
-
SSDEEP
24576:/yT8NOIybemiPHi+dlVXGZ1ph/GauSeqOBNUCLrQ17AGP9+kvHDvkjEvt4kxhlhs:KT8Tybe/DVXGPrxxg0Gra91vLD1x5
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
f8896ca2a901da194a2479237a084ee46b329ef65d0a6795eb3717cbbacb106f
-
Size
641KB
-
MD5
20a5e065af0699c936fe4fe95bb9fc4d
-
SHA1
3a645f043b6fb7194ef236fe7a0ae6d92d27f6b9
-
SHA256
f8896ca2a901da194a2479237a084ee46b329ef65d0a6795eb3717cbbacb106f
-
SHA512
d76a5a72fb608dbb3ea7fc76a12b98a36fd408c91886f064792cc7c815a9c2a4db6aa4cc71653af7d435c2e7e9e976e7b9214307370c41496a4b096b9d956bea
-
SSDEEP
12288:RMrRy90JqgSm+g/Adc0TBpV9W601Duz+g++2O9Vwln8aXOTv0vNWgBJTMO:cyAV/bqB/vXrbYD1WyN
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
17Windows Service
17Boot or Logon Autostart Execution
17Registry Run Keys / Startup Folder
17Scheduled Task/Job
12Privilege Escalation
Create or Modify System Process
17Windows Service
17Boot or Logon Autostart Execution
17Registry Run Keys / Startup Folder
17Scheduled Task/Job
12