amadey | cd2caa8104e33386814bde75c50231c48449806dd3232dfadbabd54c4790d27a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

cd2caa8104e33386814bde75c50231c48449806dd3232dfadbabd54c4790d27a
Size

136KB
Sample

210829-v5vkmmm42s
MD5

c48f777afb5363b793fa21ae55f1e2a0
SHA1

f44eea95f81ac4cbf0e1e05893d5d7db18840fac
SHA256

cd2caa8104e33386814bde75c50231c48449806dd3232dfadbabd54c4790d27a
SHA512

ebe407814f8c4a24edea0eef9b01dd283c85dd80a44ab6da6344779c4045eeb89be42303bf092d5d5388bab0076f6e2229fee1215f45757f4306eb16fdcd085d

Score

10^/10

amadey redline smokeloader 1879756210 hello backdoor discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

cd2caa8104e33386814bde75c50231c48449806dd3232dfadbabd54c4790d27a.exe

Resource

win10v20210408

amadey redline smokeloader 1879756210 hello backdoor discovery infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

hello

C2

80.66.87.33:36976

Extracted

Family

amadey

Version

2.50

C2

185.215.113.206/k8FppT/index.php

Extracted

Family

redline

Botnet

1879756210

C2

190.2.145.62:80

Targets

- Target
  
  cd2caa8104e33386814bde75c50231c48449806dd3232dfadbabd54c4790d27a
- Size
  
  136KB
- MD5
  
  c48f777afb5363b793fa21ae55f1e2a0
- SHA1
  
  f44eea95f81ac4cbf0e1e05893d5d7db18840fac
- SHA256
  
  cd2caa8104e33386814bde75c50231c48449806dd3232dfadbabd54c4790d27a
- SHA512
  
  ebe407814f8c4a24edea0eef9b01dd283c85dd80a44ab6da6344779c4045eeb89be42303bf092d5d5388bab0076f6e2229fee1215f45757f4306eb16fdcd085d
Score

10^/10

amadey redline smokeloader 1879756210 hello backdoor discovery infostealer spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Suspicious use of NtCreateProcessExOtherParentProcess
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeyredlinesmokeloader1879756210hellobackdoordiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy