amadey | 278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
Size

274KB
Sample

221128-s78s8aac2y
MD5

29a373c2434df5c3203864edadf0142e
SHA1

06eeaf59c220156007f491e6d5c158ef8cbe39da
SHA256

278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
SHA512

2580ecc59623888e9de48a2a3dda5ab6d89d3f8e4f9ba6e0a6e1f8fe6bc9d9bccb2d4f7f6278f362e8bc5993135ed19dad99231f854971cb2a9d5163d7a5cd03
SSDEEP

6144:cjvlU05pLO4315W89JF51AVmeMP36tVFvg4/FQF:cj6epLOI5W8CtM/mDgSm

Score

10^/10

amadey raccoon redline smokeloader ac3d98d56818de8ac1c6d9d84122c3d5 backdoor infostealer stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48.exe

Resource

win10-20220812-en

amadey raccoon redline smokeloader ac3d98d56818de8ac1c6d9d84122c3d5 backdoor infostealer stealer trojan

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

ac3d98d56818de8ac1c6d9d84122c3d5

C2

http://65.108.248.168

rc4.plain

Extracted

Family

amadey

Version

3.50

C2

77.73.134.65/o7VsjdSa2f/index.php

Targets

- Target
  
  278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
- Size
  
  274KB
- MD5
  
  29a373c2434df5c3203864edadf0142e
- SHA1
  
  06eeaf59c220156007f491e6d5c158ef8cbe39da
- SHA256
  
  278234b6fac8082ce18f4898067337c0933d8b604a90694c8d30e7d7eab23d48
- SHA512
  
  2580ecc59623888e9de48a2a3dda5ab6d89d3f8e4f9ba6e0a6e1f8fe6bc9d9bccb2d4f7f6278f362e8bc5993135ed19dad99231f854971cb2a9d5163d7a5cd03
- SSDEEP
  
  6144:cjvlU05pLO4315W89JF51AVmeMP36tVFvg4/FQF:cj6epLOI5W8CtM/mDgSm
Score

10^/10

amadey raccoon redline smokeloader ac3d98d56818de8ac1c6d9d84122c3d5 backdoor infostealer stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Smokeloader packer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

amadeyraccoonredlinesmokeloaderac3d98d56818de8ac1c6d9d84122c3d5backdoorinfostealerstealertrojan

© 2018-2024

Terms | Privacy