amadey | 5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594 | Triage

Sharing

General

Target

5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594
Size

1.4MB
Sample

230827-jvqmfagc29
MD5

007f9f8c2c4f960b7f0b81667ba0521a
SHA1

4807e340be2870eac0b4fd30d0b7a10288ca0b8d
SHA256

5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594
SHA512

66bc59160d48985fc731e742f81843fb3bcc9c0c326a421030c9a92d63253bee8769dd93f0adbb164bce34a9423c1207732b97c5b5319cbd80a8943117a8456d
SSDEEP

24576:uyPeO9ldNOq7jKR3RB26k0q6HKvKcMUDStiRCH5k8XC6YIKs55gf9Fm1D:9h9bwdR3/RkKKvKcMU2KCHi8yRIT55k

Score

10^/10

amadey redline nrava infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

nrava

C2

77.91.124.82:19071

Attributes

auth_value
43fe50e9ee6afb85588e03ac9676e2f7

Targets

- Target
  
  5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594
- Size
  
  1.4MB
- MD5
  
  007f9f8c2c4f960b7f0b81667ba0521a
- SHA1
  
  4807e340be2870eac0b4fd30d0b7a10288ca0b8d
- SHA256
  
  5b762ac632cf8f888a32eacd367409ad7b9d34bed92c1c0baf99053d50996594
- SHA512
  
  66bc59160d48985fc731e742f81843fb3bcc9c0c326a421030c9a92d63253bee8769dd93f0adbb164bce34a9423c1207732b97c5b5319cbd80a8943117a8456d
- SSDEEP
  
  24576:uyPeO9ldNOq7jKR3RB26k0q6HKvKcMUDStiRCH5k8XC6YIKs55gf9Fm1D:9h9bwdR3/RkKKvKcMU2KCHi8yRIT55k
Score

10^/10

amadey redline nrava infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinenravainfostealerpersistencetrojan