amadey | 3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84 | Triage

Sharing

General

Target

3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
Size

706KB
Sample

230414-k1wlbahc68
MD5

69a3dc0e5303dac4d5f5c21f5765e7ac
SHA1

522c8332d9dcda74157036a4b1d3537c1ffdc97e
SHA256

3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
SHA512

a7e395864372600db914cc96b9c0ff5a8fd6eb7349cd5d8e0cfec0270d1afeead0bfe7067ec0a507737265064c73029dae08b84b5730e694a2f3bafc3d8ac0b6
SSDEEP

12288:SMrSy906RGxJ64V74lAiCCdqeOzVNdvGsVLsqQWmhQcjx/EpBT:wyjGbv94aiwhJXQW8njx/EpN

Score

10^/10

amadey redline lada infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes

auth_value
0b3678897547fedafe314eda5a2015ba

Targets

- Target
  
  3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
- Size
  
  706KB
- MD5
  
  69a3dc0e5303dac4d5f5c21f5765e7ac
- SHA1
  
  522c8332d9dcda74157036a4b1d3537c1ffdc97e
- SHA256
  
  3a5feaa7104b951210b506fb6ab0cec9e44b4091883803e01f55aa444dac2e84
- SHA512
  
  a7e395864372600db914cc96b9c0ff5a8fd6eb7349cd5d8e0cfec0270d1afeead0bfe7067ec0a507737265064c73029dae08b84b5730e694a2f3bafc3d8ac0b6
- SSDEEP
  
  12288:SMrSy906RGxJ64V74lAiCCdqeOzVNdvGsVLsqQWmhQcjx/EpBT:wyjGbv94aiwhJXQW8njx/EpN
Score

10^/10

amadey redline lada infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

amadeyredlineladainfostealerpersistencetrojan