amadey | e6d54c7fee5bd5010b233cfbcf3af356cd8ba3b6f8ddca1fc7e9f8d2d462064c | Triage

Sharing

General

Target

e6d54c7fee5bd5010b233cfbcf3af356cd8ba3b6f8ddca1fc7e9f8d2d462064c
Size

1.5MB
Sample

230903-1y75bscd4s
MD5

2f59f05ff4b0887756fda62144d6765a
SHA1

3b0aa5f69c46d5b6656f949acacfa81db560bccf
SHA256

e6d54c7fee5bd5010b233cfbcf3af356cd8ba3b6f8ddca1fc7e9f8d2d462064c
SHA512

b82baa50f5dd2787150e6872304c0bfbdd73a6d79b9caf21f45b14cab43f5c76e512723edcae3ca8baa0b792a91476886d6fe53be46676d40db7fb52b15adb21
SSDEEP

49152:7przOYqs4pogNqRgmHJnX6Psmw0gXN6FPOTqfqOHVvmL:VOYqfogNqR/HJKEm9gXNGPOTszmL

Score

10^/10

amadey redline narik infostealer persistence trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Attributes

install_dir
b40d11255d
install_file
saves.exe
strings_key
fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Extracted

Family

redline

Botnet

narik

C2

77.91.124.82:19071

Attributes

auth_value
07924f5ef90576eb64faea857b8ba3e5

Targets

- Target
  
  e6d54c7fee5bd5010b233cfbcf3af356cd8ba3b6f8ddca1fc7e9f8d2d462064c
- Size
  
  1.5MB
- MD5
  
  2f59f05ff4b0887756fda62144d6765a
- SHA1
  
  3b0aa5f69c46d5b6656f949acacfa81db560bccf
- SHA256
  
  e6d54c7fee5bd5010b233cfbcf3af356cd8ba3b6f8ddca1fc7e9f8d2d462064c
- SHA512
  
  b82baa50f5dd2787150e6872304c0bfbdd73a6d79b9caf21f45b14cab43f5c76e512723edcae3ca8baa0b792a91476886d6fe53be46676d40db7fb52b15adb21
- SSDEEP
  
  49152:7przOYqs4pogNqRgmHJnX6Psmw0gXN6FPOTqfqOHVvmL:VOYqfogNqR/HJKEm9gXNGPOTszmL
Score

10^/10

amadey redline narik infostealer persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyredlinenarikinfostealerpersistencetrojan

behavioral2

amadeyredlinenarikinfostealerpersistencetrojan