amadey | 823ffd3278c8a81b3c07e04b3b7dcb0335a4eb8f68de27b17fae60e676bc548c | Triage

Sharing

General

Target

823ffd3278c8a81b3c07e04b3b7dcb0335a4eb8f68de27b17fae60e676bc548c
Size

783KB
Sample

230210-r2eshsea27
MD5

242f4f5467d7ce3175f4297d160abb5b
SHA1

6d20d85f04c40343ef8262ad898a7425f162d49b
SHA256

823ffd3278c8a81b3c07e04b3b7dcb0335a4eb8f68de27b17fae60e676bc548c
SHA512

fda6882f118a02dd1c29999362855edd82d2c7dfba51113d6edb2b37194ae910bb2258904f723f9d77aeeba0aa4ab135ad356b2bd69ffdf2fa4709d8c2bf0ecf
SSDEEP

12288:qMrtGy90Z359uiA6AmnY2c/0BhUfJqKW66RC6WBkVUYIk9X4:yy+Gi/AmzC0YJI6r6WkVF/l4

Score

10^/10

amadey redline romka infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.66

C2

62.204.41.5/Bu58Ngs/index.php

Extracted

Family

redline

Botnet

romka

C2

193.233.20.11:4131

Attributes

auth_value
fcbb3247051f5290e8ac5b1a841af67b

Targets

- Target
  
  823ffd3278c8a81b3c07e04b3b7dcb0335a4eb8f68de27b17fae60e676bc548c
- Size
  
  783KB
- MD5
  
  242f4f5467d7ce3175f4297d160abb5b
- SHA1
  
  6d20d85f04c40343ef8262ad898a7425f162d49b
- SHA256
  
  823ffd3278c8a81b3c07e04b3b7dcb0335a4eb8f68de27b17fae60e676bc548c
- SHA512
  
  fda6882f118a02dd1c29999362855edd82d2c7dfba51113d6edb2b37194ae910bb2258904f723f9d77aeeba0aa4ab135ad356b2bd69ffdf2fa4709d8c2bf0ecf
- SSDEEP
  
  12288:qMrtGy90Z359uiA6AmnY2c/0BhUfJqKW66RC6WBkVUYIk9X4:yy+Gi/AmzC0YJI6r6WkVF/l4
Score

10^/10

amadey redline romka infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlineromkainfostealerpersistencetrojan