amadey

General

Target

89b86026355bafd9360cd6ab2027543d57fb1f4d858c4140f31a73711d2b7671
Size

982KB
Sample

230411-l91r3abg65
MD5

709e98ddc931559dca13a82dfccec2a4
SHA1

5a8e0a734065b4037baf7606d7b56f5310b0af6b
SHA256

89b86026355bafd9360cd6ab2027543d57fb1f4d858c4140f31a73711d2b7671
SHA512

d90de2a74b918e64f0eb62c15ef911bc061900c1fb92e75532d21f4da48f2787aa05e77684a9b474bc2c639981fa8802c1d7c416016a2ad8579cb275d24b2eb9
SSDEEP

24576:yyWuCjKLhEDP+Ioc0bDdLtjseIVVT7ohUbTAzkjbNho/DceGBwZ:Zr5LhEao+pLtjsVVTRVneCw

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

auth_value
050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

amadey

Version

3.70

C2

77.91.124.207/plays/chapter/index.php

Extracted

Family

redline

Botnet

nord

C2

176.113.115.145:4125

Attributes

auth_value
ebb7d38cdbd7c83cf6363ef3feb3a530

Targets

- Target
  
  89b86026355bafd9360cd6ab2027543d57fb1f4d858c4140f31a73711d2b7671
- Size
  
  982KB
- MD5
  
  709e98ddc931559dca13a82dfccec2a4
- SHA1
  
  5a8e0a734065b4037baf7606d7b56f5310b0af6b
- SHA256
  
  89b86026355bafd9360cd6ab2027543d57fb1f4d858c4140f31a73711d2b7671
- SHA512
  
  d90de2a74b918e64f0eb62c15ef911bc061900c1fb92e75532d21f4da48f2787aa05e77684a9b474bc2c639981fa8802c1d7c416016a2ad8579cb275d24b2eb9
- SSDEEP
  
  24576:yyWuCjKLhEDP+Ioc0bDdLtjseIVVT7ohUbTAzkjbNho/DceGBwZ:Zr5LhEao+pLtjsVVTRVneCw
Score

10^/10

amadey redline nord rosn discovery evasion infostealer persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1