amadey

General

Target

ceab226ff2b8a45806f09fe7e91d491956d900f0331884db3f61f7e53e2b8512
Size

975KB
Sample

230403-za4assag7v
MD5

719c454447a1616031168b37f04c2fec
SHA1

bda63acbde92ac769bd8a4cb2011cf67b2373f37
SHA256

ceab226ff2b8a45806f09fe7e91d491956d900f0331884db3f61f7e53e2b8512
SHA512

4f3305c4e29388c52c14ae6920b22924b4aeae36a0eb74acdf125e7a97f484c7f500f5f42be30de9af40e1e7c771f0e49bb12894ee01d0b9d38bea620ed4dc20
SSDEEP

24576:ryrjoRvsetqP+oNkZlRxioKijxRQlI/NbDSwtTz6kGCR:eIZsetG+oNkDVj4lIxDd6X

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

nord

C2

176.113.115.145:4125

Attributes

auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530

Extracted

Family

amadey

Version

3.69

C2

193.233.20.29/games/category/index.php

Targets

- Target
  
  ceab226ff2b8a45806f09fe7e91d491956d900f0331884db3f61f7e53e2b8512
- Size
  
  975KB
- MD5
  
  719c454447a1616031168b37f04c2fec
- SHA1
  
  bda63acbde92ac769bd8a4cb2011cf67b2373f37
- SHA256
  
  ceab226ff2b8a45806f09fe7e91d491956d900f0331884db3f61f7e53e2b8512
- SHA512
  
  4f3305c4e29388c52c14ae6920b22924b4aeae36a0eb74acdf125e7a97f484c7f500f5f42be30de9af40e1e7c771f0e49bb12894ee01d0b9d38bea620ed4dc20
- SSDEEP
  
  24576:ryrjoRvsetqP+oNkZlRxioKijxRQlI/NbDSwtTz6kGCR:eIZsetG+oNkDVj4lIxDd6X
Score

10^/10

amadey redline nord rosn discovery evasion infostealer persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1