amadey | 97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040 | Triage

Sharing

General

Target

97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
Size

517KB
Sample

230801-jh5wlafd4z
MD5

99828315ef1fe84341457eb71d62384f
SHA1

0e1e393a22204a95cc0130a2def4afa59c4fb76f
SHA256

97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
SHA512

42d2e4bf622bf5eb75c6ab00e4a33e530c0cf115904efd8370a8a35237ed1c543a3f7df7ffff4c60e1e9c15a6e660c6ef52c4452070f73bf93edc8fb640b4d54
SSDEEP

12288:PMrty90GnGVS06dkqjXWsqf6B1jqTrUdMPR28tJ9:uy7ns0m0BIv0MPRJl

Score

10^/10

amadey healer redline lodka dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

lodka

C2

77.91.124.156:19071

Attributes

auth_value
76f99d6cc9332c02bb9728c3ba80d3a9

Targets

- Target
  
  97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
- Size
  
  517KB
- MD5
  
  99828315ef1fe84341457eb71d62384f
- SHA1
  
  0e1e393a22204a95cc0130a2def4afa59c4fb76f
- SHA256
  
  97837e09065946d161b746d6a0abbeca994c0817e6a89fa808011c9043373040
- SHA512
  
  42d2e4bf622bf5eb75c6ab00e4a33e530c0cf115904efd8370a8a35237ed1c543a3f7df7ffff4c60e1e9c15a6e660c6ef52c4452070f73bf93edc8fb640b4d54
- SSDEEP
  
  12288:PMrty90GnGVS06dkqjXWsqf6B1jqTrUdMPR28tJ9:uy7ns0m0BIv0MPRJl
Score

10^/10

amadey healer redline lodka dropper evasion infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyhealerredlinelodkadropperevasioninfostealerpersistencetrojan