amadey | aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623 | Triage

Submit
Reports

Overview

overview

Static

static

f997fc9407...48.exe

windows7_x64

f997fc9407...48.exe

windows10_x64

Sharing

General

Target

f997fc9407991062241af5442395f248.exe
Size

623KB
Sample

211220-xs8bcscdhp
MD5

f997fc9407991062241af5442395f248
SHA1

65e35087a12acb4e7cf06fefd944c812300c53ef
SHA256

aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623
SHA512

32d9b1c9c08085d803979d472b7a8f20e4e710c2fc9113abb6126116d5e693d7d7f3183d11ecae01e504c30c3bc9b79ad88448574e7c9e78c7f0ce0516a70d7b

Score

10^/10

amadey neshta redline runpe discovery infostealer persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f997fc9407991062241af5442395f248.exe

Resource

win7-en-20211208

amadey neshta redline runpe discovery infostealer persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f997fc9407991062241af5442395f248.exe

Resource

win10-en-20211208

amadey neshta redline runpe discovery infostealer persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

runpe

C2

142.202.242.172:7667

Extracted

Family

amadey

Version

2.86

C2

2.56.56.210/notAnoob/index.php

Targets

- Target
  
  f997fc9407991062241af5442395f248.exe
- Size
  
  623KB
- MD5
  
  f997fc9407991062241af5442395f248
- SHA1
  
  65e35087a12acb4e7cf06fefd944c812300c53ef
- SHA256
  
  aafd6e7487c5c216557edd7a6d58fd7e24a5d8f37d0081cc79949173b0822623
- SHA512
  
  32d9b1c9c08085d803979d472b7a8f20e4e710c2fc9113abb6126116d5e693d7d7f3183d11ecae01e504c30c3bc9b79ad88448574e7c9e78c7f0ce0516a70d7b
Score

10^/10

amadey neshta redline runpe discovery infostealer persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyneshtaredlinerunpediscoveryinfostealerpersistencespywarestealertrojan

behavioral2

amadeyneshtaredlinerunpediscoveryinfostealerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy