MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e820edc25040995a92875410b7745e0fab22899b51a66421ad53e932b7c87f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Amadey

Vendor detections: 14

SHA256 hash: 8e820edc25040995a92875410b7745e0fab22899b51a66421ad53e932b7c87f7
SHA3-384 hash: 6e85e373217dd5064638d755e52bcc8acbffea1595ae8eba2a3df84b07f83c61d4830da45311ba8f4eea1b4463bb3241
SHA1 hash: bd607ae4db230775f0d0a934fd522649e3e4d392
MD5 hash: f7724b0f35792830011cc6158ba6fcfc
humanhash: india-juliet-king-finch
File name: calculator460.exe
Signature: Amadey
File size: 1'046'016 bytes
First seen: 2023-05-22 10:45:52 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep: 24576:Xy0mwzJNNtTOq9FNTi1jtKDwDgBovlyPhIoqrMvm6HF:irwz5tOq9F9i1jcMDSP+oqrMvvH
TLSH: T155252312EEE45177DDB177B48DF713C30A3BBE946C3482693148698F1D326909AB1BA3
TrID:
  70.4% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  11.1% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  5.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  3.7% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
dhash icon: f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter: Neiki
Tags: Amadey

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: DE

Vendor Threat Intelligence

Malware family: redline
ID: 1
File name: calculator460.exe
Verdict: Malicious activity
Analysis date: 2023-05-22 11:56:16 UTC
Tags: redline

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Launching a service
Creating a file
Blocking the Windows Defender launch
Disabling the operating system update service
Unauthorized injection to a recently created process

Verdict: Malicious
Threat level: 10/10
Confidence: 91%
Tags: advpack.dll CAB confuserex installer lolbin packed packed rundll32.exe setupapi.dll shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: RedLine stealer
Verdict: Malicious
Result
Threat name: RedLine
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.RedLineStealer
Status: Malicious
First seen: 2023-05-22 10:03:31 UTC
File Type: PE (Exe)
Extracted files: 118
AV detection: 28 of 37 (75.68%)
Threat level: 5/5

Result
Malware family: redline
Score: 10/10
Tags: family:redline botnet:luza evasion infostealer persistence trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Windows security modification
Modifies Windows Defender Real-time Protection settings

RedLine Malware Config
C2 Extraction: 185.161.248.37:4138
Unpacked files

SHA256 hash: ae5963fae8b0fe6ebb5b82623c65880261284668d05eb631f7d233f715d8c12b
MD5 hash: b3cccbc37edb6729def3d35002525728
SHA1 hash: e0f4e53169292e32ffa3e6524c0c99fa5095a7a0

SHA256 hash: 78aba28ee3dc7d5a365cd3843ab9a5457b225fe5d57beef5be154c71f3757a68
MD5 hash: 71663a1b857d126898900b9bc88fe08a
SHA1 hash: 9d8fd90e2180e30178340e85e6801f29b11cd348

SHA256 hash: e531d04554f1d8126f96273a4370885c9385edd1fdf2505898cd76f00cfddfc3
MD5 hash: aff0d97802e43719f61ae70c074b849d
SHA1 hash: 924227f2f0129c96919c38d3fdb7fb60e5b087e8
Detections: redline

SHA256 hash: 9911ce83562b4b766c7ca3427a205b9e6bdbafd83a50e4cfaf3dadc88e6d5f5d
MD5 hash: fd8e57d8b5fce644e73e72b1a64638c5
SHA1 hash: 2e58b0f7169156013e5b9ddc9b82ec7cf84bd39e

SHA256 hash: 7398cb182725eb65042a7b8f01b381d8681099b6784dbef03be7a35d969fde8c
MD5 hash: 849205584b81457fd5254960d24a23c1
SHA1 hash: 874fa6494c0bb62bad377a76c4d73521e078bb67

SHA256 hash: 8e820edc25040995a92875410b7745e0fab22899b51a66421ad53e932b7c87f7
MD5 hash: f7724b0f35792830011cc6158ba6fcfc
SHA1 hash: bd607ae4db230775f0d0a934fd522649e3e4d392
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Amadey
File: Executable exe 8e820edc25040995a92875410b7745e0fab22899b51a66421ad53e932b7c87f7 (this sample)

Delivery method
Distributed via web download
