amadey | cc3eafe22fc209171bfae985be94acf98008c9b9a8b223a1bc1c737a96b97983 | Triage

Sharing

General

Target

cc3eafe22fc209171bfae985be94acf98008c9b9a8b223a1bc1c737a96b97983
Size

1.0MB
Sample

230414-zz8a2sca23
MD5

0d0e0b350d5a4bc65298e974bd97d045
SHA1

c99e7425bf4b9fd90b78c247cc25d6a606eec088
SHA256

cc3eafe22fc209171bfae985be94acf98008c9b9a8b223a1bc1c737a96b97983
SHA512

62029324b13aa88d3548e0c7475dd032f6765552cc4b4d2eef357e9ad632218fa17d89a8a268d804559e3ed2ff60a2c728c99a9892e67c519285e85c30f14b94
SSDEEP

24576:HyzK93ROV1floSqYUJ4zoKrLEq2oQj6VYf4L:SugVtloSqTKEhqNQ2Vl

Score

10^/10

amadey redline soft evasion infostealer persistence trojan

Malware Config

Extracted

Family

redline

Botnet

soft

C2

77.91.124.146:4121

Attributes

auth_value
e65663e455bca3c5699650b66e76ceaa

Targets

- Target
  
  cc3eafe22fc209171bfae985be94acf98008c9b9a8b223a1bc1c737a96b97983
- Size
  
  1.0MB
- MD5
  
  0d0e0b350d5a4bc65298e974bd97d045
- SHA1
  
  c99e7425bf4b9fd90b78c247cc25d6a606eec088
- SHA256
  
  cc3eafe22fc209171bfae985be94acf98008c9b9a8b223a1bc1c737a96b97983
- SHA512
  
  62029324b13aa88d3548e0c7475dd032f6765552cc4b4d2eef357e9ad632218fa17d89a8a268d804559e3ed2ff60a2c728c99a9892e67c519285e85c30f14b94
- SSDEEP
  
  24576:HyzK93ROV1floSqYUJ4zoKrLEq2oQj6VYf4L:SugVtloSqTKEhqNQ2Vl
Score

10^/10

amadey redline soft evasion infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinesoftevasioninfostealerpersistencetrojan