General
-
Target
red.zip
-
Size
9.0MB
-
Sample
240510-skqn5aca6z
-
MD5
fc20541143bbcc733549002a41e4963e
-
SHA1
4d4d44fe3e57853f2d301bb5b506f90953c6a37b
-
SHA256
19ef966a051fb80a7e9a4c226171784888184c9e12f75a8cc5d88da9ecab375f
-
SHA512
37647960aade7c293db5b9ba3b174881cfd79779433fa78ea804c726b0adec4d3f49557f35836ff0344dea04f13d798cd22f44f2925a47aa0213424847cbd9c2
-
SSDEEP
196608:EAF1AyxOqbDPBCFHWCVWIGJR9khf3Rn9M/iYTknx:EAjA6bD2WCkzMMp0x
Malware Config
Extracted
amadey
3.86
http://5.42.92.67
http://77.91.68.61
-
install_dir
ebb444342c
-
install_file
legola.exe
-
strings_key
5680b049188ecacbfa57b1b29c2f35a7
-
url_paths
/norm/index.php
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
dumud
217.196.96.101:4132
-
auth_value
3e18d4b90418aa3e78d8822e87c62f5c
Extracted
lumma
https://productivelookewr.shop/api
https://tolerateilusidjukl.shop/api
https://shatterbreathepsw.shop/api
https://shortsvelventysjo.shop/api
https://incredibleextedwj.shop/api
https://alcojoldwograpciw.shop/api
https://liabilitynighstjsko.shop/api
https://demonstationfukewko.shop/api
https://boredimperissvieos.shop/api
https://acceptabledcooeprs.shop/api
https://obsceneclassyjuwks.shop/api
https://zippyfinickysofwps.shop/api
https://miniaturefinerninewjs.shop/api
https://plaintediousidowsko.shop/api
https://sweetsquarediaslw.shop/api
https://holicisticscrarws.shop/api
https://cleartotalfisherwo.shop/api
https://worryfillvolcawoi.shop/api
https://enthusiasimtitleow.shop/api
https://dismissalcylinderhostw.shop/api
Extracted
redline
mihan
217.196.96.101:4132
-
auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
news
77.91.68.68:19071
-
auth_value
99ba2ffe8d72ebe9fdc7e758c94db148
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
redline
kira
77.91.68.48:19071
-
auth_value
1677a40fd8997eb89377e1681911e9c6
Extracted
redline
7001210066
https://pastebin.com/raw/KE5Mft0T
Extracted
amadey
3.87
http://77.91.68.18
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
-
url_paths
/nice/index.php
Extracted
redline
naher
77.91.68.48:19071
-
auth_value
62708e72becb72a24cf8843b46acc6a1
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
06ca8c24aac1dfc98dcff3632bd9a2a735d5a57c7e634d8c9100f6446b5423f2
-
Size
390KB
-
MD5
cdb9f33e3db3faea925260edf3aeb4c9
-
SHA1
f5c2a6b9bf59a9901d79f6b3c123140433def0ba
-
SHA256
06ca8c24aac1dfc98dcff3632bd9a2a735d5a57c7e634d8c9100f6446b5423f2
-
SHA512
1579fa476abc80b2180471e95ccebb0adb6c2beb7e970867d699b7fd03dcf977e5695826ba20c7b3855ddd4d0f04530c3df1a8e8eca458643261a13bf14a4042
-
SSDEEP
6144:Kny+bnr+5p0yN90QEfWKctyhWbGhdlACOpb6xtV6LcfkvlsVAAxuL:hMr9y90AfMlwpWwLcfb9x8
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
0a65c977910ca28680d005dc6473013f3db66862b80fc54be76caaa774022bd1
-
Size
864KB
-
MD5
c86ea9744ea3cca905b7657585568de6
-
SHA1
ba018b2d08a84d2e411b27e314cb8a23a06865f8
-
SHA256
0a65c977910ca28680d005dc6473013f3db66862b80fc54be76caaa774022bd1
-
SHA512
720bb844157dddb335fd3660b32ee9bec30ae3853fe5b26d3194ea517481a9f6b265b977e5d8bbbc92316f7ed9d173380192d93ab3b4fe2521d26462798c05b8
-
SSDEEP
12288:9MrBy90lDtGyHT69dmXPVxG0IYjxSkZiUnt6YdipFOj47Ec0yWLcp6pSa8YmZ41:kyQtGyHh9xV5QFpQj4T0HLc5NtO
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
131675744e12e01eb73fd34a82dd03d2d5ab80bd88b854836a13d0065e536c29
-
Size
1.1MB
-
MD5
cdbe20f934581f5c98cf64bba69e40c7
-
SHA1
4952ea7971e0cf5e9e9db73003b789af8df9c9b2
-
SHA256
131675744e12e01eb73fd34a82dd03d2d5ab80bd88b854836a13d0065e536c29
-
SHA512
5da129aace6efdeacffb11f38ad3aaffa9737dd6617c0968f1db6b95e149e380fad2418dad7584c033d4827519609841e1837009a1b00a31136895631b861360
-
SSDEEP
12288:TMrzy90lhQNUVdkipE9ZCoTsNl/lewqlgMVyaOZW/ybxUfAoAp3LlrGvP8cemBD4:MyA1CKoTsPleJdmOwxaWZtSBCYg
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
204413b9cda0920c938a88543e17b0124930d45599fcfef01c7c4af30f9266ef
-
Size
481KB
-
MD5
cd9e74d31ad900df3044037332aad9bc
-
SHA1
fa3492a1e9d6c352f7b72f39031b23ac640a74bd
-
SHA256
204413b9cda0920c938a88543e17b0124930d45599fcfef01c7c4af30f9266ef
-
SHA512
b1597ad7151a0c2fda644a72f869d81e0a834ec3c817c165e50ab137ecc0166db3e7ca6b5fe96b9bba88ca1f37b9335a973c77d0011d30d3c40a53d4495567c5
-
SSDEEP
12288:xMrPy90rWE0e5pFBKxVQhKzJQVTw8v+4yxWG:6y0Wv8QakzSTfvan
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
236732ce453b741f26e2fb94d54ade44d3d1ae332c52f6d420a1dcc1c8d05dd5
-
Size
694KB
-
MD5
c8032b42738527a70de1dadc4a7bff5b
-
SHA1
f5f778df15d4e14503bea0f654cf9427ba050a38
-
SHA256
236732ce453b741f26e2fb94d54ade44d3d1ae332c52f6d420a1dcc1c8d05dd5
-
SHA512
babddfaac51c11952a79047852b01c499075acfe24e91dac46a5c590a31be1e4e71df5b1daf27254d9d608fa7345839790f8a550e04392de7f625c5d6b22a97d
-
SSDEEP
12288:OO0Jg3ZJ7hWFArUqHsjumNFcF9gopM3bcgsqV5P3JkTC:OJJU7hWFuHyumzcCLUqV5v0
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
-
-
Target
23bc83a4a63831c87e6d79e2b366e2534c967a13a377e66f4d92e226f9e8be94
-
Size
307KB
-
MD5
ca2ad17b64a10b961c2b14a7e47a8030
-
SHA1
a339ebb686b832fc87af3c287f67d8ef52e140e8
-
SHA256
23bc83a4a63831c87e6d79e2b366e2534c967a13a377e66f4d92e226f9e8be94
-
SHA512
ad5e5a03336562d58b02f2556eb833fe3c39d2a7c47584379059cc5a584be1efc981cde4c84a350a4bb244502a73fb7bf0bee7b03b4ef002bb6ecc17d3caff04
-
SSDEEP
6144:Kqy+bnr+2p0yN90QEw5F5OYc1u31g4TByUo0b4jut7dJdVRbpDXtOBC:uMrCy90qxc1u31TTEt0cKt/tOA
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
3c35dfb6ea626f1c886ef4aa2783e8564f7331e639f222d5e208b3a6840a2bcb
-
Size
514KB
-
MD5
eeed819879e60a78356884c79cc1176d
-
SHA1
73182a6228fb1978bb85b750939e58083733dae4
-
SHA256
3c35dfb6ea626f1c886ef4aa2783e8564f7331e639f222d5e208b3a6840a2bcb
-
SHA512
ec81ffafd04adfeb3849df9b2fc7f501b652124b0d3d40c2adef0f53a95fa17385a955ddc5f6598893572ae8e3a067cc80f7ae5a2600f5ce1514395b7e83a8bf
-
SSDEEP
12288:gMrDy90VStL+T5sUZjdKCjNhbdg9f23ulFmoU61Z/d0Z/+mxQz:zyAcIHH5r4rmj4W+m0
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
42aaf3452f3dbd3fec800b9307def7e1463e88016e6585d09719f8642ef8f491
-
Size
389KB
-
MD5
cdcecd3749891f697a0af96762cb9124
-
SHA1
b31636aa34b1b3eeb7caefef82c37f2f093c6b64
-
SHA256
42aaf3452f3dbd3fec800b9307def7e1463e88016e6585d09719f8642ef8f491
-
SHA512
3e6576b30044df2139e96401cf30439229ca0dfc3f3df77d4fcad7aefb5f9ae2112df018e8fb655505d0ea79eee96ff2580aa148d60cd93fddc55255d37bd044
-
SSDEEP
6144:KOy+bnr+3p0yN90QEHP8pAkeKHGqQ4ewNu043Hvyj6qxNnUvDrqmPB:eMrny90himqQXWMHG6qX+rx
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
42d39578cc12683f8a0abd7ba86e5c4ac7851f250280f34750b593a37c4d87dd
-
Size
307KB
-
MD5
c3144993ffb5e02297c6ff3f4819def7
-
SHA1
4c89bd13f54211cef5a2d4c7588f4aa133206b6e
-
SHA256
42d39578cc12683f8a0abd7ba86e5c4ac7851f250280f34750b593a37c4d87dd
-
SHA512
3d308a292866753ae68de637f1389d221df569416844a813729477adfa46b37739aebf6df3a9d1f0dcafe895efa6d273b855073bfa0e97869265b522c69557dc
-
SSDEEP
6144:KUy+bnr+7p0yN90QEF5F5OYc1u31g4TBy+1y9Pb6I:sMr7y90Rxc1u31TTEpb6I
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
4f4e29cb128488d30d32248cb2cc720bcd2a3a531f5757ba469b1e3291917c50
-
Size
307KB
-
MD5
ff629d5a8b6c5119b595f0dbf64ae3cc
-
SHA1
1d19a95932445aa394199c9c28f128d8e6ecb203
-
SHA256
4f4e29cb128488d30d32248cb2cc720bcd2a3a531f5757ba469b1e3291917c50
-
SHA512
f04b5e039818ccf823aa9a8836c392d457ddc3ad2e24d62acdba1da7ac429fe4e0c0547992b00c7a66f00524f6dcea85f8716d5ec8157e4c26835a077e0c708d
-
SSDEEP
6144:Kyy+bnr+Dp0yN90QEJ5F5OYc1u31g4TByTF8ttF2P+9UZbrBu:mMrjy90lxc1u31TTEytL9arBu
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3
-
Size
492KB
-
MD5
c40f810518e4290ab7fc1e07e5c83ff9
-
SHA1
9f8bc2e44eb00b71047c04864e007225eb9779c9
-
SHA256
566c1670c8a5f43ec35b831518b15cf388fbddff2c3ba3ffc8167ac1bf0a1fb3
-
SHA512
044be66f51e52b07e77105dcf1ab2b1c099636eaa557124e5e442b6c6383564d578c21f1a6a0a0a0caecb433a16a3f552b27aa5e714cccaf9bc01f2b741335fd
-
SSDEEP
12288:d4w4rJNNGCt//w5qVN2iu79mnxhyC4GNq/SBoCe:/4rfN5Xw5qVN2H79mrymyR
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
5b49e20d688471002a1cc866e323e32a0e0a2f1e92fd2f057979cd27a850f44b
-
Size
390KB
-
MD5
c2d23a53e4099c1c7126c1e6e332fb12
-
SHA1
22f111c42bff48f88be368920886195dc990b3fb
-
SHA256
5b49e20d688471002a1cc866e323e32a0e0a2f1e92fd2f057979cd27a850f44b
-
SHA512
7251bc4c9dca30f08baafa1e4b9572a20d026a351ba7b5482190f605b41087a25da0f259e0742adf796f556a42b5d09e1a05d0909ae947a830fdd30ffa280bc5
-
SSDEEP
12288:5Mr/y90WOOEnMEY4/7kJByGYpEzPCGDk:myZpEYgO55zaGDk
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6a07da5bb14797863c49fc62e415bb280c201c446e8d5746c3ae106bf92ceed3
-
Size
480KB
-
MD5
d0af8af8d2bcdbd767a498fb7e6f8691
-
SHA1
541130793b06d9e8862d9855c3ca8f4f0e57f2fd
-
SHA256
6a07da5bb14797863c49fc62e415bb280c201c446e8d5746c3ae106bf92ceed3
-
SHA512
674829bcdf6da9937c5c3da750ceb5545895d19fdc4c91944f26d98340b10daea3c6b75b694997b42927fbbe2e40bf351882a2cec791e051d6e82c5c1c5fb615
-
SSDEEP
6144:Kwy+bnr+sp0yN90QEyOOcgDn3CM/XeWEDBmCfbAHreBzNMReKIRuOyIk9AvXTLSa:0Mrcy900n3CM/YmtUNPKqUBAvXH
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6fca9c5ffc57888f92c438ff3dd7d9247b7f7e696e9a6b1b63c3aa2a801b0625
-
Size
515KB
-
MD5
c138f8ea750795895b64bd99b1fcd8da
-
SHA1
b815664dadb4d1ff91862b2af099b84b230e1aeb
-
SHA256
6fca9c5ffc57888f92c438ff3dd7d9247b7f7e696e9a6b1b63c3aa2a801b0625
-
SHA512
d6056b12443f399230bc7a469f11ae18fbe83915ac64966d4650ebeade16f6ae5033a7dc66415bbdc4e5f740a7568b1ee18dafb4ded14bee85b3c40e3350a6ee
-
SSDEEP
12288:kMr2y90vRliN0WXndhbap8sQM9oVgswQWT3l:Kygi0andh08sQM9oVbol
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9a7761a218bd7bd89d897848e3eafea1a05f151c3ab44668124ffa35c4d3a743
-
Size
527KB
-
MD5
cda96eb769b520de195cae37c842c8f3
-
SHA1
a1c8d0bbee8c109fabf1cf26ac3e9af0fc110341
-
SHA256
9a7761a218bd7bd89d897848e3eafea1a05f151c3ab44668124ffa35c4d3a743
-
SHA512
11fe27e375077ad59f0adee3de6ccc32783244d68911b82d76e5a49001dcd3f1e0311abcb1f7e6f51a11dc057cd17b32ae4af36cd25d227ce8f0710ca5cc2e44
-
SSDEEP
12288:6piut3k/AJLoyg8UwaEHQ9Ec131pHBF3tZ60juFF0Xp:6pi1/A8zEw9Ek31dD3P60V
Score10/10-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Suspicious use of SetThreadContext
-
-
-
Target
9c63b1ba6018935ad5e5fbb92f79d2bbd6eeb9ee0520ed5cbe7b9e1213eb33a6
-
Size
1.5MB
-
MD5
c30d6278694817d3cc99f6ff5265da74
-
SHA1
350567243f65ea38c3bcbc24fc93272e4e46217b
-
SHA256
9c63b1ba6018935ad5e5fbb92f79d2bbd6eeb9ee0520ed5cbe7b9e1213eb33a6
-
SHA512
3963175ae52c90b743dbcc1b38220ab2abcc10916558053c1a6f13ac52ca426aec2394ddf5220f482c48ad9e08955704b4764289c26f50a45ee648297b5b4a89
-
SSDEEP
24576:cy51XtT3ttYzCJsw66AMLRzIdYiQceweiSKE70EpUSn6qY0I+mUNNqU:LHXdttB0uJKjQTkE73pBDY0I+JNg
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
c4172a7d8d27c8367cd7a3b7b3d410e4678ddfd8748e6bf631c21e8f639c7efa
-
Size
297KB
-
MD5
c2f5800951ca0e25d1c9c4a304584dc5
-
SHA1
ce90444d162d1a9309374f052bac3bd8b12e3884
-
SHA256
c4172a7d8d27c8367cd7a3b7b3d410e4678ddfd8748e6bf631c21e8f639c7efa
-
SHA512
6280df39b12c1069e4c54173674ffb00494eda397ff212a5ee21679d5fb3f696b1dec2ccb6ddbc6519b6728df361786934c15646517dc2806993260f25837d2a
-
SSDEEP
6144:sk87zE8yF+JnF/1VVsNx0X4j2UwnGp6m7Bzg5+671wW4WvCoCe:187zE5iwNo4cGBK+cwWMoCe
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
c69d581e2c9751820b591c60023bbffd16aa66ad26d0c76b20574cdac2cc7be2
-
Size
320KB
-
MD5
c7c86ccb7a8447c0fc280c1677d5bdfc
-
SHA1
47c05e0511f3d29afe982bf266cb420cc85cb0fb
-
SHA256
c69d581e2c9751820b591c60023bbffd16aa66ad26d0c76b20574cdac2cc7be2
-
SHA512
5015e11b3d4857a07cfd27d5f176721b0eeede05e675ff6ffb2546126853164f580bedcc847d9ceaf9a9916478a8c41355015c2c2764124b7e47dd2521ab13e3
-
SSDEEP
6144:K0y+bnr+Up0yN90QEqrKEP3ve7yRfsK6KRFjEXtaBv762LA0iRddbIq5xA:wMrQy90cKU/e7RK6KRdEXYp7tbiv1x5W
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
d6c7041aa6a01fcdc7f6a9f60c8eaf8edcbcc73cb1802bc3623346b3b3219693
-
Size
332KB
-
MD5
ce35bf4ea4182f8e3524a14e10e90972
-
SHA1
c9a5c28fdbff5ad0a285291142abe592fe9e8688
-
SHA256
d6c7041aa6a01fcdc7f6a9f60c8eaf8edcbcc73cb1802bc3623346b3b3219693
-
SHA512
fd454377a77f900510b2855e6e9954cc7648277404cdd85b8e85b1f2d8e0667e9aea261c660b8d88551d1cdd816bc77d8719edac10b63067aa75f1fc7ee38341
-
SSDEEP
6144:U1Bwp/lwz9PI8/T6f5mUz7S3RMyghFbHDju9DPUgAOGsf+0Xp:UPjz9PI8/Tzeygzbjju9YgAd0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
d9d3f90c8cee71d17c70e5d1c7d465726e06b1c7cb5b617fd47d203403a1e439
-
Size
315KB
-
MD5
cdff25efc7f7e69dc426b36f31b873ed
-
SHA1
339a84e0af5d6442c2b11eea5f802635cbc0c776
-
SHA256
d9d3f90c8cee71d17c70e5d1c7d465726e06b1c7cb5b617fd47d203403a1e439
-
SHA512
f1ca99cbe6e504d5e695ccb31dafc3b8b4e01faaed77d3058163011add4a47159ba4629e98b422145cefbea0dc07216e5c36837545911f800378f636bf700fa3
-
SSDEEP
6144:aH9pI60nbM8uPZy3+8KIDwZuNVXSZmn3qPOYTn/MHBXHS:e9+60nbnujZaMY6pjGHS
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
13Windows Service
13Boot or Logon Autostart Execution
14Registry Run Keys / Startup Folder
14Scheduled Task/Job
7Privilege Escalation
Create or Modify System Process
13Windows Service
13Boot or Logon Autostart Execution
14Registry Run Keys / Startup Folder
14Scheduled Task/Job
7