General

  • Target

    2188765d33dd01c43418d0769b77ccafe73dea9c0d86ce909ffb6db412d4a48f

  • Size

    1.2MB

  • Sample

    241111-bwktkszdnc

  • MD5

    3910b9eba6857aeda8c9de8381c67f5a

  • SHA1

    22d8f4e042a785080d8c410a856711679f8a2d4a

  • SHA256

    2188765d33dd01c43418d0769b77ccafe73dea9c0d86ce909ffb6db412d4a48f

  • SHA512

    87627f21b70bdfa587abe9303bba9dc1406faff8dddac49fe74e3e3b9f6b242698499a81a1189a6318ede535a886e2d144676c2fe274b3de4d339313b8648b96

  • SSDEEP

    24576:P1ZsBTEorSUm/X0ajcGd9lD3PMRY88PMrLC7rV1Rx/F:NKdfrlqVQE9lj4J8UrLAh

Malware Config

Extracted

Family

amadey

Version

3.80

Botnet

9c0adb

C2

http://193.3.19.154

Attributes
  • install_dir

    cb7ae701b3

  • install_file

    oneetx.exe

  • strings_key

    23b27c80db2465a8e1dc15491b69b82f

  • url_paths

    /store/games/index.php

rc4.plain
1
006700e5a2ab05704bbb0c589b88924d

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Amadey family

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
