amadey | 30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5
Size

334KB
Sample

221118-3eqgaacg23
MD5

a975b4fd1a87d15729b8973f44155368
SHA1

554dc2c50d3d0fae634155062c6548e32751f562
SHA256

30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5
SHA512

27c745dff28a70ba9757667a5f3de34adc1b42a3dccd663a1c8a363e97898979115371de9993f997673f2dcf6ab7aed6b5934065fb8ff1fab130748d74dd2d36
SSDEEP

6144:NvKUbFcLByKHp+mTuNUh+3oQ9gOU+fzYBb6:MUadyKH5CNb9gT6

Score

10^/10

amadey redline smokeloader vidar 1827 easy1018 email backdoor infostealer stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5.exe

Resource

win10v2004-20221111-en

amadey redline smokeloader vidar 1827 easy1018 email backdoor infostealer stealer trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

vidar

Version

55.7

Botnet

1827

C2

https://t.me/deadftx

https://www.ultimate-guitar.com/u/smbfupkuhrgc1

Attributes

profile_id
1827

Extracted

Family

redline

Botnet

easy1018

C2

chardhesha.xyz:81

jalocliche.xyz:81

Attributes

auth_value
56edfa3741d7e2286e0bcfe901712a2c

Extracted

Family

redline

Botnet

email

C2

89.23.96.39:44465

Attributes

auth_value
f9940860247e8a85fc8c16674c54799c

Extracted

Family

amadey

Version

3.50

C2

193.56.146.174/g84kvj4jck/index.php

Targets

- Target
  
  30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5
- Size
  
  334KB
- MD5
  
  a975b4fd1a87d15729b8973f44155368
- SHA1
  
  554dc2c50d3d0fae634155062c6548e32751f562
- SHA256
  
  30f21adafd32a745728f33743e8cfec2d9cbe8984d522f142de41e04f9e6b3b5
- SHA512
  
  27c745dff28a70ba9757667a5f3de34adc1b42a3dccd663a1c8a363e97898979115371de9993f997673f2dcf6ab7aed6b5934065fb8ff1fab130748d74dd2d36
- SSDEEP
  
  6144:NvKUbFcLByKHp+mTuNUh+3oQ9gOU+fzYBb6:MUadyKH5CNb9gT6
Score

10^/10

amadey redline smokeloader vidar 1827 easy1018 email backdoor infostealer stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

amadeyredlinesmokeloadervidar1827easy1018emailbackdoorinfostealerstealertrojan

© 2018-2024

Terms | Privacy