amadey

General

Target

e9ec17c27e5da7902e06488d0bb1258737fd0d3c1e3a996e39039ae6c8311b5c
Size

1.2MB
Sample

230317-2f7lhscc7v
MD5

30ebaf8465eefe2fdda5456efbe5868a
SHA1

27310ed399a2fab22e34a40576ebcd00da7aa825
SHA256

e9ec17c27e5da7902e06488d0bb1258737fd0d3c1e3a996e39039ae6c8311b5c
SHA512

60990e9fde61621ba69469daa53bd5f73c00392ff29c3cedd3003c1be2a0be87361e0a4363d38d2073b0048db71dd8e033826980a4ee367004debccc89b6a468
SSDEEP

24576:+gcL02I4/sr0X8KvEjUS3/XxExcPXxp2eCEpH:+gcL02Ix2SPX2+PX8

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

mango

C2

193.233.20.28:4125

Attributes

auth_value
ecf79d7f5227d998a3501c972d915d23

Extracted

Family

redline

Botnet

laba

C2

193.233.20.28:4125

Attributes

auth_value
2cf01cffff9092a85ca7e106c547190b

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

- Target
  
  e9ec17c27e5da7902e06488d0bb1258737fd0d3c1e3a996e39039ae6c8311b5c
- Size
  
  1.2MB
- MD5
  
  30ebaf8465eefe2fdda5456efbe5868a
- SHA1
  
  27310ed399a2fab22e34a40576ebcd00da7aa825
- SHA256
  
  e9ec17c27e5da7902e06488d0bb1258737fd0d3c1e3a996e39039ae6c8311b5c
- SHA512
  
  60990e9fde61621ba69469daa53bd5f73c00392ff29c3cedd3003c1be2a0be87361e0a4363d38d2073b0048db71dd8e033826980a4ee367004debccc89b6a468
- SSDEEP
  
  24576:+gcL02I4/sr0X8KvEjUS3/XxExcPXxp2eCEpH:+gcL02Ix2SPX2+PX8
Score

10^/10

amadey redline laba mango discovery evasion infostealer persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1