amadey | e970e0ea04a9999382c8cb97b9d6cfa57005967e520da832642255bea1d7c5e4 | Triage

Sharing

General

Target

e970e0ea04a9999382c8cb97b9d6cfa57005967e520da832642255bea1d7c5e4
Size

704KB
Sample

230829-x5ejtafb63
MD5

99bacda620b636f0c426ff01fb2e90c6
SHA1

9ee5772e5d8b7cee25253eee74db01e933ba5b37
SHA256

e970e0ea04a9999382c8cb97b9d6cfa57005967e520da832642255bea1d7c5e4
SHA512

60b246f832a2362f62bcaac4c01af287e84fe15a8ca431092f0398c99fc69d2d1af573f042489c21b720504e058078167630bfe3c8c486ab7908d778f6a5993a
SSDEEP

12288:+MrNy90Pf285npnOHMva/73T8xiVDXtmhX2rmwoZI90tWzPoSAWG:zyo+85npnuIa/73T8ADBmweICAtAWG

Score

10^/10

amadey healer redline sruta dropper evasion infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Extracted

Family

redline

Botnet

sruta

C2

77.91.124.82:19071

Attributes

auth_value
c556edcd49703319eca74247de20c236

Targets

- Target
  
  e970e0ea04a9999382c8cb97b9d6cfa57005967e520da832642255bea1d7c5e4
- Size
  
  704KB
- MD5
  
  99bacda620b636f0c426ff01fb2e90c6
- SHA1
  
  9ee5772e5d8b7cee25253eee74db01e933ba5b37
- SHA256
  
  e970e0ea04a9999382c8cb97b9d6cfa57005967e520da832642255bea1d7c5e4
- SHA512
  
  60b246f832a2362f62bcaac4c01af287e84fe15a8ca431092f0398c99fc69d2d1af573f042489c21b720504e058078167630bfe3c8c486ab7908d778f6a5993a
- SSDEEP
  
  12288:+MrNy90Pf285npnOHMva/73T8xiVDXtmhX2rmwoZI90tWzPoSAWG:zyo+85npnuIa/73T8ADBmweICAtAWG
Score

10^/10

amadey healer redline sruta dropper evasion infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyhealerredlinesrutadropperevasioninfostealerpersistencetrojan