amadey | a49a5fcd39465bb7ddba747dd54bada3bb0383df2cb0bc764eb9f9cde455b905 | Triage

Sharing

General

Target

a49a5fcd39465bb7ddba747dd54bada3bb0383df2cb0bc764eb9f9cde455b905
Size

1.4MB
Sample

230823-vm3sksff61
MD5

19b617fe2b1d54e4f64ece36fb235515
SHA1

38ec851a75c6f5fbddc8e781b498da8803f8ef6f
SHA256

a49a5fcd39465bb7ddba747dd54bada3bb0383df2cb0bc764eb9f9cde455b905
SHA512

f8af164ec570e446ba431ffb0a867f0452e4b3055a48a7f459a43c33e084e9c6b5476c64d70895fa9817be81094a1fa75c0008e29f1aeabb938e45a7096a31fd
SSDEEP

24576:YyA9pZFedJAY5BB8JzZFv65IAULJk0m63ntDk7Wet4bm/YkkmdUHLx5dY5s:f0Z0dJAY5k0CrNmani7W44bm/RhcY

Score

10^/10

amadey redline gogi infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

gogi

C2

77.91.124.73:19071

Attributes

auth_value
c7dbabcf1eff128a595c7532cb5489a8

Targets

- Target
  
  a49a5fcd39465bb7ddba747dd54bada3bb0383df2cb0bc764eb9f9cde455b905
- Size
  
  1.4MB
- MD5
  
  19b617fe2b1d54e4f64ece36fb235515
- SHA1
  
  38ec851a75c6f5fbddc8e781b498da8803f8ef6f
- SHA256
  
  a49a5fcd39465bb7ddba747dd54bada3bb0383df2cb0bc764eb9f9cde455b905
- SHA512
  
  f8af164ec570e446ba431ffb0a867f0452e4b3055a48a7f459a43c33e084e9c6b5476c64d70895fa9817be81094a1fa75c0008e29f1aeabb938e45a7096a31fd
- SSDEEP
  
  24576:YyA9pZFedJAY5BB8JzZFv65IAULJk0m63ntDk7Wet4bm/YkkmdUHLx5dY5s:f0Z0dJAY5k0CrNmani7W44bm/RhcY
Score

10^/10

amadey redline gogi infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinegogiinfostealerpersistencetrojan