amadey

General

Target

e47e077edaa9d362444467c0b6cbce82ffb7dda75a1aa58d9e7019ca366d586e
Size

184KB
Sample

221115-je3basbh4x
MD5

d22ace640c08a8a99ec0483594be87c7
SHA1

fc1b84cc90c6a5499b98e537baa719a70aed3f33
SHA256

e47e077edaa9d362444467c0b6cbce82ffb7dda75a1aa58d9e7019ca366d586e
SHA512

ec90a5aa4ec60f6e598cedc362f70a5d83ab42eaf0e0f6d180f42bdb1ab9daa1535ad57b7fb4d9e0982dd7424ef08a056fa2f023022cd047955b69151de31f92
SSDEEP

3072:WAtj+e5K8Qrg9s9liM5ZfFqwIu3f5Dm3J/pYp0R:lq77iM5ZfowIu3f4l

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

123

C2

78.153.144.3:2510

Attributes

auth_value
cd6abb0af211bce081d7bf127cc26835

Extracted

Family

redline

Botnet

rozena1114

C2

jalocliche.xyz:81

chardhesha.xyz:81

Attributes

auth_value
9fefd743a3b62bcd7c3e17a70fbdb3a8

Targets

- Target
  
  e47e077edaa9d362444467c0b6cbce82ffb7dda75a1aa58d9e7019ca366d586e
- Size
  
  184KB
- MD5
  
  d22ace640c08a8a99ec0483594be87c7
- SHA1
  
  fc1b84cc90c6a5499b98e537baa719a70aed3f33
- SHA256
  
  e47e077edaa9d362444467c0b6cbce82ffb7dda75a1aa58d9e7019ca366d586e
- SHA512
  
  ec90a5aa4ec60f6e598cedc362f70a5d83ab42eaf0e0f6d180f42bdb1ab9daa1535ad57b7fb4d9e0982dd7424ef08a056fa2f023022cd047955b69151de31f92
- SSDEEP
  
  3072:WAtj+e5K8Qrg9s9liM5ZfFqwIu3f5Dm3J/pYp0R:lq77iM5ZfowIu3f4l
Score

10^/10

amadey redline smokeloader 123 rozena1114 backdoor collection discovery infostealer spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1