amadey

General

Target

ee2caa467f7620302ebbdc3b53eb875bbbdab550c06e0c4704646472b4212c3d
Size

915KB
Sample

230620-s8amtaeb3x
MD5

d7ce55dc4265af15c541ececd6061dfd
SHA1

cdbe2fc4f8d0c4a25b0187e4fdaf3397a950e268
SHA256

ee2caa467f7620302ebbdc3b53eb875bbbdab550c06e0c4704646472b4212c3d
SHA512

62f6b6236a028cff4212e7162c444c6ae82b46b6bfd8b17e442e91b3d795ad9482019de53f8ce598920a5e73984b9eb7d384c585c2a43c455d921ebe822cb299
SSDEEP

24576:5ybXObVM4JEuBXornPu3KHFMcO8D+CPm0eA:szcZFAq0F5+v0e

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

hares

C2

83.97.73.128:19071

Attributes

auth_value
62fed2fd42b168e956200885cefb36a7

Extracted

Family

amadey

Version

3.81

C2

95.214.27.98/cronus/index.php

Extracted

Family

redline

Botnet

Rocketpro

C2

94.142.138.212:26540

Attributes

auth_value
7ec2b1cebe4360f7f11bb80bbf7d8b26

Targets

- Target
  
  ee2caa467f7620302ebbdc3b53eb875bbbdab550c06e0c4704646472b4212c3d
- Size
  
  915KB
- MD5
  
  d7ce55dc4265af15c541ececd6061dfd
- SHA1
  
  cdbe2fc4f8d0c4a25b0187e4fdaf3397a950e268
- SHA256
  
  ee2caa467f7620302ebbdc3b53eb875bbbdab550c06e0c4704646472b4212c3d
- SHA512
  
  62f6b6236a028cff4212e7162c444c6ae82b46b6bfd8b17e442e91b3d795ad9482019de53f8ce598920a5e73984b9eb7d384c585c2a43c455d921ebe822cb299
- SSDEEP
  
  24576:5ybXObVM4JEuBXornPu3KHFMcO8D+CPm0eA:szcZFAq0F5+v0e
Score

10^/10

amadey redline rhadamanthys hares rocketpro discovery evasion infostealer persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect rhadamanthys stealer shellcode
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1