amadey | 5569c823243f95190890eab510aae4546184bf5109494022cfef2154285ac220 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5569c823243f95190890eab510aae4546184bf5109494022cfef2154285ac220
Size

592KB
Sample

230821-31b6saag4y
MD5

2665cdc595ce23cc42633b8f0ba0f4e9
SHA1

d5ed86ecd8e991f7ed7a4ce7acb05666a4a4aca1
SHA256

5569c823243f95190890eab510aae4546184bf5109494022cfef2154285ac220
SHA512

dd4776adadf2232788a414346fd5b9a611c8f0351c8b49c1e6a52e407c64de4a5aaa0636fd26c879bfd18163c0cce7d328c6059168c448bfebd2da75e582c691
SSDEEP

12288:xMr3y90bVDJiE9dtfWHCsx1kc0U8dEvLjqaMLRMXKTbR3FfvT:SyQVDJH5WHZ1kcZRCFT

Score

10^/10

amadey redline piter infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Extracted

Family

redline

Botnet

piter

C2

77.91.124.73:19071

Attributes

auth_value
7f92ff466423bb35edbfbc22f78b0bb9

Targets

- Target
  
  5569c823243f95190890eab510aae4546184bf5109494022cfef2154285ac220
- Size
  
  592KB
- MD5
  
  2665cdc595ce23cc42633b8f0ba0f4e9
- SHA1
  
  d5ed86ecd8e991f7ed7a4ce7acb05666a4a4aca1
- SHA256
  
  5569c823243f95190890eab510aae4546184bf5109494022cfef2154285ac220
- SHA512
  
  dd4776adadf2232788a414346fd5b9a611c8f0351c8b49c1e6a52e407c64de4a5aaa0636fd26c879bfd18163c0cce7d328c6059168c448bfebd2da75e582c691
- SSDEEP
  
  12288:xMr3y90bVDJiE9dtfWHCsx1kc0U8dEvLjqaMLRMXKTbR3FfvT:SyQVDJH5WHZ1kcZRCFT
Score

10^/10

amadey redline piter infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinepiterinfostealerpersistencetrojan