amadey | 84053342fa87f15a6ec84c9ce261b1b279823206a5e5cbc99324d4cad7ef90b9 | Triage

Sharing

General

Target

84053342fa87f15a6ec84c9ce261b1b279823206a5e5cbc99324d4cad7ef90b9
Size

1.4MB
Sample

230825-a3hgcshh9v
MD5

97a072f5c2fd39bb355f6f6c0c6cb8f3
SHA1

1327e0d564db69ffa0f8cb916134b42a73857ffb
SHA256

84053342fa87f15a6ec84c9ce261b1b279823206a5e5cbc99324d4cad7ef90b9
SHA512

57797574efe966aef722722d922293c0709c8dc90e5151ba09264cf89a12b6d2d25efe6aecab5d7e13a714387691be06e879194d1ae7733b4795f833aa8ed330
SSDEEP

24576:OysaGZChiJx3q6j6ovK4ccDVfVi/vmY9NGwfk5TEMajKloYWxVRX7:dsZjr6SXK4ccZtyvm/ZoMvoYW

Score

10^/10

amadey redline vaga infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

vaga

C2

77.91.124.73:19071

Attributes

auth_value
393905212ded984248e8e000e612d4fe

Targets

- Target
  
  84053342fa87f15a6ec84c9ce261b1b279823206a5e5cbc99324d4cad7ef90b9
- Size
  
  1.4MB
- MD5
  
  97a072f5c2fd39bb355f6f6c0c6cb8f3
- SHA1
  
  1327e0d564db69ffa0f8cb916134b42a73857ffb
- SHA256
  
  84053342fa87f15a6ec84c9ce261b1b279823206a5e5cbc99324d4cad7ef90b9
- SHA512
  
  57797574efe966aef722722d922293c0709c8dc90e5151ba09264cf89a12b6d2d25efe6aecab5d7e13a714387691be06e879194d1ae7733b4795f833aa8ed330
- SSDEEP
  
  24576:OysaGZChiJx3q6j6ovK4ccDVfVi/vmY9NGwfk5TEMajKloYWxVRX7:dsZjr6SXK4ccZtyvm/ZoMvoYW
Score

10^/10

amadey redline vaga infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinevagainfostealerpersistencetrojan