amadey | 4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4
Size

235KB
Sample

221230-17hk2abh9s
MD5

5e445faf7b08cf2ffcac7b38c5d70d5d
SHA1

877098531fb4049581a7c81353fc3c7d7dd2083a
SHA256

4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4
SHA512

9874b8605aafcf7bd46754c2aa0bfbd3e7c14ad0b0791b9d016d828666c4183bc9786390697d6aeaf17d13f1cf615b023c78cff20db35f508d525e15e1e3ae31
SSDEEP

6144:IkwjBO99g6779r0psUhmiIuVyD2NgCJgN:1TrOh2uVyCNnS

Score

10^/10

amadey redline letgo collection infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4.exe

Resource

win7-20220812-en

amadey redline letgo collection infostealer spyware trojan

windows7-x64

18 signatures

300 seconds

Behavioral task

behavioral2

Sample

4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4.exe

Resource

win10-20220901-en

amadey redline letgo collection infostealer spyware stealer trojan

windows10-1703-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

amadey

Version

3.63

C2

62.204.41.91/8kcnjd3da3/index.php

Extracted

Family

redline

Botnet

letgo

C2

80.66.87.13:22346

Attributes

auth_value
9a4217b7e3f4309698e5e6d932e3545e

Targets

- Target
  
  4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4
- Size
  
  235KB
- MD5
  
  5e445faf7b08cf2ffcac7b38c5d70d5d
- SHA1
  
  877098531fb4049581a7c81353fc3c7d7dd2083a
- SHA256
  
  4414a9ba25d52ac38509ccf072d32e4f938990e3b02ca3c2d11fbd5cba433ab4
- SHA512
  
  9874b8605aafcf7bd46754c2aa0bfbd3e7c14ad0b0791b9d016d828666c4183bc9786390697d6aeaf17d13f1cf615b023c78cff20db35f508d525e15e1e3ae31
- SSDEEP
  
  6144:IkwjBO99g6779r0psUhmiIuVyD2NgCJgN:1TrOh2uVyCNnS
Score

10^/10

amadey redline letgo collection infostealer spyware trojan stealer
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Amadey credential stealer module
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Scripting

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlineletgocollectioninfostealerspywaretrojan

behavioral2

amadeyredlineletgocollectioninfostealerspywarestealertrojan

© 2018-2025

Terms | Privacy