Description
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
| Field | Value |
| --- | --- |
| Filename | 1e14a74052051f97b5b31ee8d5e92a32.exe |
| Size | 291KB |
| Analysis ID | 211224-trclhsefd3 |
| MD5 | 1e14a74052051f97b5b31ee8d5e92a32 |
| SHA1 | ea4a3b275a6abaf48d84a026382986274defb352 |
| SHA256 | 3d9ebf871e9ada91551158af5078da769ca8bea4014afcd75472deb0d4beb538 |
| SHA512 | 04431396fd4e61bb8506a3f2b20d7346e7a128a45292a9bdfe2f94d6d68f389129d19ad2e095146070853871bb6787fd1e2ac859f64ba758752d415d359ed85c |
| Field | Value |
| --- | --- |
| Family | smokeloader |
| Version | 2020 |
| C2 | http://host-data-coin-11.com/, http://file-coin-host-12.com/, http://srtuiyhuali.at/, http://fufuiloirtu.com/, http://amogohuigotuli.at/, http://novohudosovu.com/, http://brutuilionust.com/, http://bubushkalioua.com/, http://dumuilistrati.at/, http://verboliatsiaeeees.com/ |
| rc4.i32 | |
| rc4.i32 | |
| rc4.i32 | |
| rc4.i32 | |

| Field | Value |
| --- | --- |
| Family | tofsee |
| C2 | mubrikych.top, oxxyfix.xyz |

| Field | Value |
| --- | --- |
| Family | redline |
| Botnet | 1 |
| C2 | 86.107.197.138:38133 |

| Field | Value |
| --- | --- |
| Family | amadey |
| Version | 3.01 |
| C2 | 185.215.113.35/d2VxjasuwS/index.php |

| Field | Value |
| --- | --- |
| Family | raccoon |
| Botnet | 10da56e7e71e97bdc1f36eb76813bbc3231de7e4 |
| Attributes | url4cnc: http://194.180.174.53/capibar, http://91.219.236.18/capibar, http://194.180.174.41/capibar, http://91.219.236.148/capibar, https://t.me/capibar |
| rc4.plain | |
| rc4.plain | |

| Field | Value |
| --- | --- |
| Family | amadey |
| Version | 2.86 |
| C2 | 2.56.56.210/notAnoob/index.php |
Arkei is an infostealer written in C++.
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
Simple but powerful infostealer which was very active in 2019.
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Modular backdoor trojan in use since 2014.
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
Vidar is an infostealer based on Arkei stealer.
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Looks up Uninstall key entries in the registry to enumerate software on the system.
Attempts to read the root path of hard drives other than the default C: drive.