amadey

General

Target

3ed0d4c0ad11b695a2ea1126575f31da3288e4d232debe31804b8bed576eab99
Size

1.0MB
Sample

230324-e934vsec7s
MD5

7761ae262332e303bbf72d448d2de19f
SHA1

4e6bd32136e6d1ef68fbda0009e05ee76a111ba0
SHA256

3ed0d4c0ad11b695a2ea1126575f31da3288e4d232debe31804b8bed576eab99
SHA512

af2656f5d36b9779e1363b59bda27c263da9b359b3d9b8181cb31f4ac972a00f05904e21c77004e880538cfca30ebf8d22819ae46b09a494290b4aa3e95ad36a
SSDEEP

12288:2Mrly903UwCrnojmiPBnsbKRSlFjXrM+Xqb8uIR2S71bCwJ0p7oR4U1f4atYh0oF:7yWAMVATI+6b8zl71bCwsof7Zo8MfN

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

auth_value
12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

bolt

C2

193.233.20.31:4125

Attributes

auth_value
29540c7bf0277243e2faf6601e15a754

Extracted

Family

amadey

Version

3.68

C2

62.204.41.87/joomla/index.php

Extracted

Family

redline

Botnet

USA

C2

65.108.152.34:37345

Attributes

auth_value
01ecb56953469aaed8efad25c0f68a64

Extracted

Family

aurora

C2

212.87.204.93:8081

Targets

- Target
  
  3ed0d4c0ad11b695a2ea1126575f31da3288e4d232debe31804b8bed576eab99
- Size
  
  1.0MB
- MD5
  
  7761ae262332e303bbf72d448d2de19f
- SHA1
  
  4e6bd32136e6d1ef68fbda0009e05ee76a111ba0
- SHA256
  
  3ed0d4c0ad11b695a2ea1126575f31da3288e4d232debe31804b8bed576eab99
- SHA512
  
  af2656f5d36b9779e1363b59bda27c263da9b359b3d9b8181cb31f4ac972a00f05904e21c77004e880538cfca30ebf8d22819ae46b09a494290b4aa3e95ad36a
- SSDEEP
  
  12288:2Mrly903UwCrnojmiPBnsbKRSlFjXrM+Xqb8uIR2S71bCwJ0p7oR4U1f4atYh0oF:7yWAMVATI+6b8zl71bCwsof7Zo8MfN
Score

10^/10

amadey aurora redline bolt down usa discovery evasion infostealer persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1