amadey | 8f81aea8532fa47818298688e4e5932bdb78bf3ecaa24e3f45e7a949f05ef123 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9097957ef7...eb.exe

windows7-x64

9097957ef7...eb.exe

windows10-2004-x64

Sharing

General

Target

9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.zip
Size

111KB
Sample

230308-ndqy4afc6t
MD5

857eabb2c3a0a9c466c321c1161ba4df
SHA1

3347ac5f5400a7a7e5ee430a9985527ad845630c
SHA256

8f81aea8532fa47818298688e4e5932bdb78bf3ecaa24e3f45e7a949f05ef123
SHA512

7bd648b4ebbcc8cac4a2c6a80ef30c90fe838d703ab4e22f622cad90edc4c7662a569e6188bfecd5f6ab5782b4be8c606731b27debde68d16b3336d780ca7c6a
SSDEEP

3072:u0B1vUyZ70cDUJZyM+mTqyXqvGSV1tAmp9slY9:R38yjeZUoqyXqvGQGmp9OU

Score

10^/10

amadey redline infostealer spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.exe

Resource

win7-20230220-en

amadey spyware stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.exe

Resource

win10v2004-20230220-en

amadey redline infostealer spyware stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.68

C2

77.91.78.17/0jVu73d/index.php

Extracted

Family

redline

C2

95.216.251.184:4321

Attributes

auth_value
a909e2aaecf96137978fea4f86400b9b

Targets

- Target
  
  9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb.exe
- Size
  
  244KB
- MD5
  
  622779b345a28c3999e46f3d5a6a5ec8
- SHA1
  
  21a4dc3be99afa3fba8ac935edaf14e6e59e43b0
- SHA256
  
  9097957ef74a711ac6380a85776aff304b66a2555b395f012c24b8c753ec72eb
- SHA512
  
  f1e24fa86e0421f50da47b634f3549f369604c476f42c18b692695ea44020d9b4cf8142e69752e3749317d678aac21e01eca787c2df30b134c28bf876cd79872
- SSDEEP
  
  6144:raKMNkZYYYRHqz5yetq1+Gvuli30oU9ci68:udayF1tuli3c
Score

10^/10

amadey spyware stealer trojan upx redline infostealer
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyspywarestealertrojanupx

behavioral2

amadeyredlineinfostealerspywarestealertrojanupx

© 2018-2025

Terms | Privacy