amadey | f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
Size

322KB
Sample

221102-jkqjpaacb5
MD5

468e03b0d6f647fdcd5b106dc6867ec4
SHA1

170b74af5f578040b50ca88db17433b80069a045
SHA256

f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
SHA512

a77db43f5c3bae0bb77ce6805be8ce89b046b46be8555f486f0888c19dc625fe6617f1f8348e89ea004db19cab4f6ea2c5fb25ba4749f9efe8c68b85c4010dcf
SSDEEP

3072:PY82Ki8oFBshc5XTht6jsEnoJGDtkTp8aRhvHuzCQr6VggjcGkNIVqIZ:A82NBmuhLEnoIxa8UOZrC7ITsq4

Score

10^/10

amadey redline google2 collection infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639.exe

Resource

win10-20220812-en

amadey redline google2 collection infostealer spyware stealer trojan

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

Google2

C2

167.235.71.14:20469

Attributes

auth_value
fb274d9691235ba015830da570a13578

Targets

- Target
  
  f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
- Size
  
  322KB
- MD5
  
  468e03b0d6f647fdcd5b106dc6867ec4
- SHA1
  
  170b74af5f578040b50ca88db17433b80069a045
- SHA256
  
  f4bb81b0e4cb01d63191d35b9f534875b83c52fbb6a3e4ce46bd5ad90455d639
- SHA512
  
  a77db43f5c3bae0bb77ce6805be8ce89b046b46be8555f486f0888c19dc625fe6617f1f8348e89ea004db19cab4f6ea2c5fb25ba4749f9efe8c68b85c4010dcf
- SSDEEP
  
  3072:PY82Ki8oFBshc5XTht6jsEnoJGDtkTp8aRhvHuzCQr6VggjcGkNIVqIZ:A82NBmuhLEnoIxa8UOZrC7ITsq4
Score

10^/10

amadey redline google2 collection infostealer spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinegoogle2collectioninfostealerspywarestealertrojan

© 2018-2025

Terms | Privacy