Overview (score 10/10)
Static (score 10/10)
Behavioral tasks (sample name as truncated on the page, platform, per-task score):
behavioral1: AMON-Eye/C...ock.py, windows7-x64, score 3/10
behavioral2: AMON-Eye/C...ock.py, windows10-2004-x64, score 3/10
behavioral3: AMON-Eye/C...ent.py, windows7-x64, score 3/10
behavioral4: AMON-Eye/C...ent.py, windows10-2004-x64, score 3/10
behavioral5: AMON-Eye/C...ver.py, windows7-x64, score 3/10
behavioral6: AMON-Eye/C...ver.py, windows10-2004-x64, score 3/10
behavioral7: AMON-Eye/C...dns.py, windows7-x64, score 3/10
behavioral8: AMON-Eye/C...dns.py, windows10-2004-x64, score 3/10
behavioral9: AMON-Eye/C...end.py, windows7-x64, score 3/10
behavioral10: AMON-Eye/C...end.py, windows10-2004-x64, score 3/10
behavioral11: AMON-Eye/C...ams.py, windows7-x64, score 3/10
behavioral12: AMON-Eye/C...ams.py, windows10-2004-x64, score 3/10
behavioral13: AMON-Eye/C..._ex.py, windows7-x64, score 3/10
behavioral14: AMON-Eye/C..._ex.py, windows10-2004-x64, score 3/10
behavioral15: AMON-Eye/C...ers.py, windows7-x64, score 3/10
behavioral16: AMON-Eye/C...ers.py, windows10-2004-x64, score 3/10
behavioral17: AMON-Eye/C...smb.py, windows7-x64, score 3/10
behavioral18: AMON-Eye/C...smb.py, windows10-2004-x64, score 3/10
behavioral19: AMON-Eye/C...age.py, windows7-x64, score 3/10
behavioral20: AMON-Eye/C...age.py, windows10-2004-x64, score 3/10
behavioral21: AMON-Eye/C...orm.py, windows7-x64, score 3/10
behavioral22: AMON-Eye/C...orm.py, windows10-2004-x64, score 3/10
behavioral23: AMON-Eye/C...rls.py, windows7-x64, score 3/10
behavioral24: AMON-Eye/C...rls.py, windows10-2004-x64, score 3/10
behavioral25: AMON-Eye/C...ert.sh, ubuntu-18.04-amd64, score 7/10
behavioral26: AMON-Eye/C...ert.sh, debian-9-armhf, score 7/10
behavioral27: AMON-Eye/C...ert.sh, debian-9-mips, score 1/10
behavioral28: AMON-Eye/C...ert.sh, debian-9-mipsel, score 7/10
behavioral29: AMON-Eye/C...ers.py, windows7-x64, score 3/10
behavioral30: AMON-Eye/C...ers.py, windows10-2004-x64, score 3/10
behavioral31: AMON-Eye/C...ile.py, windows7-x64, score 3/10
behavioral32: AMON-Eye/C...ile.py, windows10-2004-x64, score 3/10

General
Target: AMON-Eye.zip
Size: 70.9MB
Sample: 230324-af98vsda3z
MD5: 59f1014abbf5670b66986a3088dd6a8c
SHA1: c0df4ddf5485485b284bff4993c85fd8413f8aca
SHA256: 8c2a7ddd3df7bf22b0e8d38ad9497b6e2d2eacf820316f5185663bdc73106b8e
SHA512: 8458bc5b8b061e16c3f03a07bb00f60f7f46c9646d765403b484eb0ac4f412ea75cea2c36e5714f2b8cef7ae70a751fd13c86ab3f43a1b080f7ee80535584c72
SSDEEP: 1572864:whKsDyW9sN7TRQtYxbKfy75edt+Ky2YG+xOq5FQBfev40K2tmr:wBDfsxTRQC375edt+Ky26xcWQ0rtc
Behavioral tasks (task: sample, resource)
behavioral1: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stageblock.py, win7-20230220-en
behavioral2: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stageblock.py, win10v2004-20230220-en
behavioral3: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerclient.py, win7-20230220-en
behavioral4: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerclient.py, win10v2004-20230220-en
behavioral5: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerserver.py, win7-20230220-en
behavioral6: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerserver.py, win10v2004-20230221-en
behavioral7: AMON-Eye/C2-Profiles/concealer/C2concealer/data/dns.py, win7-20230220-en
behavioral8: AMON-Eye/C2-Profiles/concealer/C2concealer/data/dns.py, win10v2004-20230220-en
behavioral9: AMON-Eye/C2-Profiles/concealer/C2concealer/data/file_type_prepend.py, win7-20230220-en
behavioral10: AMON-Eye/C2-Profiles/concealer/C2concealer/data/file_type_prepend.py, win10v2004-20230220-en
behavioral11: AMON-Eye/C2-Profiles/concealer/C2concealer/data/params.py, win7-20230220-en
behavioral12: AMON-Eye/C2-Profiles/concealer/C2concealer/data/params.py, win10v2004-20230220-en
behavioral13: AMON-Eye/C2-Profiles/concealer/C2concealer/data/post_ex.py, win7-20230220-en
behavioral14: AMON-Eye/C2-Profiles/concealer/C2concealer/data/post_ex.py, win10v2004-20230220-en
behavioral15: AMON-Eye/C2-Profiles/concealer/C2concealer/data/reg_headers.py, win7-20230220-en
behavioral16: AMON-Eye/C2-Profiles/concealer/C2concealer/data/reg_headers.py, win10v2004-20230220-en
behavioral17: AMON-Eye/C2-Profiles/concealer/C2concealer/data/smb.py, win7-20230220-en
behavioral18: AMON-Eye/C2-Profiles/concealer/C2concealer/data/smb.py, win10v2004-20230221-en
behavioral19: AMON-Eye/C2-Profiles/concealer/C2concealer/data/stage.py, win7-20230220-en
behavioral20: AMON-Eye/C2-Profiles/concealer/C2concealer/data/stage.py, win10v2004-20230220-en
behavioral21: AMON-Eye/C2-Profiles/concealer/C2concealer/data/transform.py, win7-20230220-en
behavioral22: AMON-Eye/C2-Profiles/concealer/C2concealer/data/transform.py, win10v2004-20230220-en
behavioral23: AMON-Eye/C2-Profiles/concealer/C2concealer/data/urls.py, win7-20230220-en
behavioral24: AMON-Eye/C2-Profiles/concealer/C2concealer/data/urls.py, win10v2004-20230220-en
behavioral25: AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh, ubuntu1804-amd64-20221111-en
behavioral26: AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh, debian9-armhf-en-20211208
behavioral27: AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh, debian9-mipsbe-20221111-en
behavioral28: AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh, debian9-mipsel-en-20211208
behavioral29: AMON-Eye/C2-Profiles/concealer/C2concealer/helpers.py, win7-20230220-en
behavioral30: AMON-Eye/C2-Profiles/concealer/C2concealer/helpers.py, win10v2004-20230220-en
behavioral31: AMON-Eye/C2-Profiles/concealer/C2concealer/profile.py, win7-20230220-en
behavioral32: AMON-Eye/C2-Profiles/concealer/C2concealer/profile.py, win10v2004-20230220-en
Malware Config

Extracted: cobaltstrike
C2 hosts:
- http://:4444YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
- [two further host entries were extracted as raw binary and survive on the page only as undecodable byte noise]
user_agent: h

Extracted: metasploit
Payload: windows/shell_reverse_tcp
Host: 127.0.0.1:4444

Extracted: metasploit
Payload: metasploit_stager
Host: 127.0.0.1:4444
Targets

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stageblock.py
Size: 3KB
MD5: 3e7dda95094fce3ed316220a5ce9eb0b
SHA1: f6ebf2e3594669e915c08fa07dfcefa1f7f1de7e
SHA256: d9bc8eb914eda5c35496719af8a2a104684057c1bd311ddae927dce837acfce0
SHA512: 1f198abc0ee2479adb85dbc1af19e34e541f53bcf3656ebd99d9da8b0a1571b5ea4a186e58f8550125dcbf043a47b8719944cb4c5833901ce0a0217de6c2ac22
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerclient.py
Size: 2KB
MD5: 20bbef826ab9bb86cf5bbc1db856199c
SHA1: d805eb13fc3b1b5167207513ed0b19e3f7c70b19
SHA256: 723eaaa41d3c66b892036dd04ea82cd64ab29f26bb367632eceb92df42b3eee6
SHA512: 15342ebbdff6d8f99e3ff2c24c67b8f14fcde2b2a0b1cbc22ccc18b6fbece6219a087b7e4a5ce269e54f60ca4ba9c9b4eef94d23f311cf1b60600d3d2523a860
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerserver.py
Size: 2KB
MD5: 1329e047df58fcbb9b1c3fd0e2cf4d6a
SHA1: f5016e993fc94af873305765a2482241fbbcfddf
SHA256: 61220022fc5c41e23f15e5ad6b6b8103f558ce217be1043f0db9f8bdef221eb3
SHA512: 65ab1bc1e9ac29e921ca13fb797fa944665d05b1df42bc4be55d19d8b9f3b4a6a060dc3a9c7c7554e32eb9893f997351955c0cb48ca7e90b608232734d40af03
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/dns.py
Size: 479B
MD5: db74582b6d6a919f6036e8b4d0b5a220
SHA1: be663085876d2c070e76a79232072254d3de799d
SHA256: 583f9edc35c64bd71a08142eefb5cec3582a0765cb8a8a9211d88006dba561db
SHA512: 6c17fb62ceef6b651b715e0d2a302bd50bf1f8f9081c3d44ff70fa9c942692821606595401bed0c53fdc71352e0fabae47b9bb7aa87977863f25192aee083ed5
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/file_type_prepend.py
Size: 8KB
MD5: 76f6fa579d20d17569ad6ea776e0b2ee
SHA1: a67218f3e316bbee4d3bbab722272421e58a8419
SHA256: c0d33e28a88db38571cadc37e740a6167cb38e992880004b6287296a01b1b0e8
SHA512: c9103985ed32ec040678b099193f521ac569b2dcc6d7109c9e996652b5a4ab59c1c63678f928465579f7e7cb308b91ed978b317d2b67e55b08df701b591095ff
SSDEEP: 96:uQLps+jfc6Lj9lQ8g3cXjwwgHyRgtySsqYhxR0DXenmmKWuEomKWuEqPoFulFTjR:uqpK6Lj9WLGgYSVYTNnmmEmWl9FD1
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/params.py
Size: 2KB
MD5: e3330966a9726fd05e22144db3750a96
SHA1: 5be11c99872d9a09cda3708cdb049482e5bd159b
SHA256: 9e32a486fc3a79b5640bc934a10092e6540c11a6ce02dde064d999cd98ce1394
SHA512: 71654f98d841965f5b5a64de7ebb7da21a0c6b592809d27e8a65bd4a00967fd0244f9c28e93c0a14873f308a0c6f72635f5a676edbe268d77c36c6d529ba4d04
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/post_ex.py
Size: 281B
MD5: 027889ea4cf8c2db69ad51879a1a597f
SHA1: 05f59a51c78409561ca49eb88e038e18f1b088a9
SHA256: 4d5ac5e7c2909532858300f608dc213d481988e072c8a9b81eb96d83512186a1
SHA512: c805955db6fa268b5fcd01c97b2803ba7a02d4cae4cbc3fa346496c6842126d60c1046c0355b44877dfbd008d0ca850cadd2ec3fbd33e2d5a6b355e32aabc44a
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/reg_headers.py
Size: 2KB
MD5: 8350383a637aced46cd32ccc885bea83
SHA1: 57ae62e6858a16126d08040d27b3773e4a731072
SHA256: f23eb93a894baf621419c44452fb74163144419395503257f4730003d2aeb769
SHA512: 6fa5f3da5cac021a580117cd43db50c196b90b5ddc8b44d4ac5fec94471fbb8945a4e2595998b53c3bcce1fb1e3d0a99021da611a877ec1696084c886771d5f1
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/smb.py
Size: 403B
MD5: 4402f2ea95fc7c0a0b7be934ac000fed
SHA1: 88163c7d6ddde96a273e0d6180276d4e2dc8bba9
SHA256: 061cfd64d9517e282e2236bcb7783b2b20fab659e589a84c010e200105489ff5
SHA512: 306f31d7c3cdf2d139e4d2e6a17cc2f391675f054f7dc3d91c0872db33c9ec4e4d49a323dc6f3a8ca49e311230d62464a7226c6152b73008603de99e329eae5d
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/stage.py
Size: 1013B
MD5: ea24c802179f5a4d8e58594a3377a573
SHA1: f58972e6a61763fa3225d6b3d64a2bd2a0117502
SHA256: d874ab48120be6f2d5c3b16407beea860d3cf4cb6081a7ec49e3e1782f883ab1
SHA512: ec320f817304a9c7921735e04c5ec16bb07a68fb611b936dbe9e861d5fef61e2fcadd5f43f5f071a34f0ef8f8e834d9d71675614775659d41a28800fb568c99c
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/transform.py
Size: 316B
MD5: 1a6a1655b55010deeef7044c802eb11c
SHA1: 42fd88a8d356e8be076181ad1ae10b9b0e231acf
SHA256: 73608dd176e3eca70e499f2828f99ff67112230b796bbb67fc285b9f522aa573
SHA512: 6eee96410cd9aa170f889f9bef87394e8131511e7ccf03626458fad4a3eb8f8fa3d0e76373957171eda0029376882a44dd5fc0f0eb9f41c85d1607d50e5c6ba0
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/data/urls.py
Size: 1KB
MD5: 79d429e5ff21c52a4c4b2a57f2f6c100
SHA1: 1473b0466547e948231a30812e4cd5830ee0c88c
SHA256: e3b9797ed49d6e3b53ec69dd2e7232767b871b865d419dbd364b1b92a8c58ad6
SHA512: a124d73abfb961734d8d2506c7e4cd3218d00118915f924e94abee04ecec47882eb6847a138f1e71a81148cdcc5126a249d20fac82cb7db48ee7ed3acaafd113
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh
Size: 3KB
MD5: 1a71fdcc4eaf4242c75e4b29d1ab33be
SHA1: d1876d0174bcb3b83e7b23e78ac3eea1c4a4fa0d
SHA256: 8673414c782db143a1471073e49829783c4cde49cb24b65cfb245d16f02003d0
SHA512: ddaf9fa70ce71a2d7471a04e9f63fc7e9f9dc07d561cbab17890c73b2e68ba735fe463d5d54cbfd4958add25a0cb1473f5a8a796561ff45017ee5541c845ace4
Score: 7/10
Signatures:
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/helpers.py
Size: 7KB
MD5: 00c11fb1c1f1a22a12253098c26993f4
SHA1: 87d01548a54cd17a67665ac7d3e1a94c0a8d1a40
SHA256: e170f25b0ca874c4b67baf68120c73bf8f33f8dd158183d809af492ef7fe0e1f
SHA512: 07464f7036c67897168d6038fc0073c0c49858b47650b7a35f046dcf8346e6a0a1c72ab9e6f612ebde39acb338330705c91aab3271399e9613c10cedfc03fde6
SSDEEP: 192:aE/x5nuA0IVL/ZN8MMaeKLFeWGwlhs3+1r:a2fziZ71WjIu
Score: 3/10

Target: AMON-Eye/C2-Profiles/concealer/C2concealer/profile.py
Size: 6KB
MD5: 422dda526857322c270ada522bd2e9fd
SHA1: 184cb0fa4ec086936d7cb20f1ba3146ccea2116f
SHA256: b5a588568de7d58aabb121e1a8d01b5cd8d24c26e32cc144afa4341ea70ccd1b
SHA512: 86f46c17b2555f4f74621c37825f07605ce34589b6664b0d4df77b733ed775d730a0c210eb26fc971fcd04a505597e426a2a38ba3feb857e5f581a52d7e4bc38
SSDEEP: 192:nQSCKfAKqTjajMFXvRajxaDag+vWbIiOi5hqFFK2Y:nQKfxkawD+vWbzX5h0kf
Score: 3/10