amadey | 0b6ec4f7a5e2d34d20563ee7978bd128a62c62371636cdf6c23700d34bdf1ed3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b6ec4f7a5e2d34d20563ee7978bd128a62c62371636cdf6c23700d34bdf1ed3
Size

1.0MB
Sample

230414-y5xk3abf82
MD5

ff94756847c9263d7b2c407b7f7a70d6
SHA1

012423926c1bd4d2161975e8200a829bb9452747
SHA256

0b6ec4f7a5e2d34d20563ee7978bd128a62c62371636cdf6c23700d34bdf1ed3
SHA512

d028e3a25141e6c87d438b26ff7cbd9e9c58a6eb236fd084fcfd8eb197a43bf8ce71f9301fbf073ca04e7cf51bcce758bb1f625b4093cc4c5cc0c180c7f3b275
SSDEEP

24576:9y3gHA9u1GVLV1KH1QQq7UJVzJKrLBq/He5pd:YDdVRABqAbtkq

Score

10^/10

amadey redline soft evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

soft

C2

77.91.124.146:4121

Attributes

auth_value
e65663e455bca3c5699650b66e76ceaa

Targets

- Target
  
  0b6ec4f7a5e2d34d20563ee7978bd128a62c62371636cdf6c23700d34bdf1ed3
- Size
  
  1.0MB
- MD5
  
  ff94756847c9263d7b2c407b7f7a70d6
- SHA1
  
  012423926c1bd4d2161975e8200a829bb9452747
- SHA256
  
  0b6ec4f7a5e2d34d20563ee7978bd128a62c62371636cdf6c23700d34bdf1ed3
- SHA512
  
  d028e3a25141e6c87d438b26ff7cbd9e9c58a6eb236fd084fcfd8eb197a43bf8ce71f9301fbf073ca04e7cf51bcce758bb1f625b4093cc4c5cc0c180c7f3b275
- SSDEEP
  
  24576:9y3gHA9u1GVLV1KH1QQq7UJVzJKrLBq/He5pd:YDdVRABqAbtkq
Score

10^/10

amadey redline soft evasion infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinesoftevasioninfostealerpersistencetrojan