amadey | d076d2dfb5e8cd53de79d89398e0fd6439db715720a5ceb796bfac5eef862e03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d076d2dfb5e8cd53de79d89398e0fd6439db715720a5ceb796bfac5eef862e03
Size

1.4MB
Sample

230826-25h98afg2x
MD5

ca6ce969ea04bb9a8f7ae4bf54225a3c
SHA1

f24ed0625a3e8e03f1bb4d002c746a5489e923d6
SHA256

d076d2dfb5e8cd53de79d89398e0fd6439db715720a5ceb796bfac5eef862e03
SHA512

97ab6342d2285ddddcd91d502c1f378533a1e01af2b8a5d0bebaf3f534d53de46d82d3e01a1fa27b043ebde10b0c8d1d5f69c5df2ead5739eef1e6fd356ad599
SSDEEP

24576:dyhRgq/ohZit/kPFR/7RgKTTG8phdae15k+rrOPHyCni9QFfS/F6ISqMN+iPWe0s:4zgq/glPFR/FgKTTG8/GPHjI9HSqKPWD

Score

10^/10

amadey redline jaja infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

jaja

C2

77.91.124.73:19071

Attributes

auth_value
3670179d176ca399ed08e7914610b43c

Targets

- Target
  
  d076d2dfb5e8cd53de79d89398e0fd6439db715720a5ceb796bfac5eef862e03
- Size
  
  1.4MB
- MD5
  
  ca6ce969ea04bb9a8f7ae4bf54225a3c
- SHA1
  
  f24ed0625a3e8e03f1bb4d002c746a5489e923d6
- SHA256
  
  d076d2dfb5e8cd53de79d89398e0fd6439db715720a5ceb796bfac5eef862e03
- SHA512
  
  97ab6342d2285ddddcd91d502c1f378533a1e01af2b8a5d0bebaf3f534d53de46d82d3e01a1fa27b043ebde10b0c8d1d5f69c5df2ead5739eef1e6fd356ad599
- SSDEEP
  
  24576:dyhRgq/ohZit/kPFR/7RgKTTG8phdae15k+rrOPHyCni9QFfS/F6ISqMN+iPWe0s:4zgq/glPFR/FgKTTG8/GPHjI9HSqKPWD
Score

10^/10

amadey redline jaja infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinejajainfostealerpersistencetrojan