amadey | c12095b5e77be004fd37dfa50785f6578f07b702e681d751ae050be5ede8e5b7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

c12095b5e77be004fd37dfa50785f6578f07b702e681d751ae050be5ede8e5b7
Size

258KB
Sample

221112-vsr82agg68
MD5

43d67143a8a8199ad104cee9e8005968
SHA1

067642d532aaa2e4ea26e8ad121f31db2e5a7c7b
SHA256

c12095b5e77be004fd37dfa50785f6578f07b702e681d751ae050be5ede8e5b7
SHA512

1152a47384612008d402f10292eb32acc7819c0e780bb8ec85570993a47e1358b99929a1ceb80e18189daab734fe6d7956f0b42bf7f2ef70dc38bcc6fecfee0c
SSDEEP

6144:lN2bVLr9JgZkzllVBqtUIfMYmtJZTy2fqwW:lN25f9JgM7VBSUIfmtLG2fqz

Score

10^/10

amadey redline boy infostealer persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

c12095b5e77be004fd37dfa50785f6578f07b702e681d751ae050be5ede8e5b7.exe

Resource

win10-20220812-en

amadey redline boy infostealer persistence trojan

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

boy

C2

77.73.134.241:4691

Attributes

auth_value
a91fa8cc2cfaefc42a23c03faef44bd3

Targets

- Target
  
  c12095b5e77be004fd37dfa50785f6578f07b702e681d751ae050be5ede8e5b7
- Size
  
  258KB
- MD5
  
  43d67143a8a8199ad104cee9e8005968
- SHA1
  
  067642d532aaa2e4ea26e8ad121f31db2e5a7c7b
- SHA256
  
  c12095b5e77be004fd37dfa50785f6578f07b702e681d751ae050be5ede8e5b7
- SHA512
  
  1152a47384612008d402f10292eb32acc7819c0e780bb8ec85570993a47e1358b99929a1ceb80e18189daab734fe6d7956f0b42bf7f2ef70dc38bcc6fecfee0c
- SSDEEP
  
  6144:lN2bVLr9JgZkzllVBqtUIfMYmtJZTy2fqwW:lN25f9JgM7VBSUIfmtLG2fqz
Score

10^/10

amadey redline boy infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeyredlineboyinfostealerpersistencetrojan

© 2018-2024

Terms | Privacy