Description
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
Sample | SecuriteInfo.com.Trojan.Win32.Save.a.12074.6092 |
Size | 333KB |
Analysis ID | 211020-tmxqwshce9 |
MD5 | aaf57561167db5ff9078b1dc96e69dc9 |
SHA1 | b45a09c52c6aa38725fce1f136f04a11aadc8d43 |
SHA256 | c37feba7ad29a50f566e779edd2c5514edcbd6e87909ca4d8e6d1f9727362d94 |
SHA512 | 2b6e321876b0eba1a73eb823d8a982f70c643dd5bbfa0327167c1076f07fe691ef79dc0d2fd25f9e848af320d7e00d00785893784b0fc692bb3e1d09cd7338c7 |
Family | smokeloader |
Version | 2020 |
C2 | http://gejajoo7.top/ http://sysaheu9.top/ http://nusurtal4f.net/ http://netomishnetojuk.net/ http://escalivrouter.net/ http://nick22doom4.net/ http://wrioshtivsio.su/ http://nusotiso4.su/ http://rickkhtovkka.biz/ http://palisotoliso.net/ |
rc4.i32 | |
rc4.i32 | |
rc4.i32 | |
rc4.i32 | |

Family | tofsee |
C2 | quadoil.ru lakeflex.ru |

Family | raccoon |
Botnet | 7ebf9b416b72a203df65383eec899dc689d2c3d7 |
Attributes | url4cnc http://telegatt.top/agrybirdsgamerept http://telegka.top/agrybirdsgamerept http://telegin.top/agrybirdsgamerept https://t.me/agrybirdsgamerept |
rc4.plain | |
rc4.plain | |

Family | redline |
Botnet | install |
C2 | 176.9.244.86:23637 |

Family | amadey |
Version | 2.70 |
C2 | 185.215.113.45/g4MbvE/index.php |

Family | vidar |
Version | 41.5 |
Botnet | 706 |
C2 | https://mas.to/@xeroxxx |
Attributes | profile_id 706 |

Family | raccoon |
Botnet | 7c9b4504a63ed23664e38808e65948379b790395 |
Attributes | url4cnc http://telegka.top/capibar http://telegin.top/capibar https://t.me/capibar |
rc4.plain | |
rc4.plain | |

Family | vidar |
Version | 41.5 |
Botnet | 517 |
C2 | https://mas.to/@xeroxxx |
Attributes | profile_id 517 |

Family | djvu |
C2 | http://rlrz.org/lancer |

Language | ps1 |
Deobfuscated | |
URLs | ps1.dropper https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1 |
Ransomware which is a variant of the STOP family.
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
Vidar is an infostealer based on Arkei stealer.
XMRig is a high performance, open source, cross platform CPU/GPU miner.
Uses net.exe to modify the user's privileges.
Modifies file attributes to stop it showing in Explorer etc.
Detects executables packed with UPX/modified UPX open source packer.
Detects executables packed with VMProtect commercial packer.
BIOS information is often read in order to detect sandboxing environments.
Infostealers often target stored browser data, which can include saved credentials etc.
Detects Themida, an advanced Windows software protection system.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Uses a legitimate IP lookup service to find the infected system's external IP.