amadey | 22170453f995406adf65367603ab77f2c29f2ec55cc3781f7f234174b69a9119 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22170453f995406adf65367603ab77f2c29f2ec55cc3781f7f234174b69a9119
Size

556KB
Sample

230807-r46zsafg25
MD5

e669e7091200645d1d3c13661b3560ac
SHA1

537d0c18e13cdf25adcf760faa2779db719ce344
SHA256

22170453f995406adf65367603ab77f2c29f2ec55cc3781f7f234174b69a9119
SHA512

22e28dafee9be0b948b14509efe90e92a667cd7cdad8a16295a1ccb784574c3829dd20d5983576ec50b482c960258ab6c0d57491376a3c021ec544a57fa54337
SSDEEP

12288:nMr4y90okmWa8J0Qb9deQWDHgBYC4FF8ppDZg7AZ+5us:/yamWliIRWMzFjDG7YA

Score

10^/10

amadey healer redline dodge dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Extracted

Family

redline

Botnet

dodge

C2

77.91.124.156:19071

Attributes

auth_value
3372223e987be2a16148c072df30163d

Targets

- Target
  
  22170453f995406adf65367603ab77f2c29f2ec55cc3781f7f234174b69a9119
- Size
  
  556KB
- MD5
  
  e669e7091200645d1d3c13661b3560ac
- SHA1
  
  537d0c18e13cdf25adcf760faa2779db719ce344
- SHA256
  
  22170453f995406adf65367603ab77f2c29f2ec55cc3781f7f234174b69a9119
- SHA512
  
  22e28dafee9be0b948b14509efe90e92a667cd7cdad8a16295a1ccb784574c3829dd20d5983576ec50b482c960258ab6c0d57491376a3c021ec544a57fa54337
- SSDEEP
  
  12288:nMr4y90okmWa8J0Qb9deQWDHgBYC4FF8ppDZg7AZ+5us:/yamWliIRWMzFjDG7YA
Score

10^/10

amadey healer redline dodge dropper evasion infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyhealerredlinedodgedropperevasioninfostealerpersistencetrojan