General
-
Target
cc8cd1d3932a0fdf15f053ac0304178faff9e03eab73fc2b1e8c15b67fe9b40b
-
Size
1.1MB
-
Sample
230419-pgg12aad65
-
MD5
6d5ada76a39f2adf0bdd49da0adc53d7
-
SHA1
8b5cf6001842cec93b7ef114adc66ab0a2ad716b
-
SHA256
cc8cd1d3932a0fdf15f053ac0304178faff9e03eab73fc2b1e8c15b67fe9b40b
-
SHA512
c934b5ffcda108ac01bb6491a30c79ff626fb63acd0eefa57edbe65932f576d3501d2524628aa3fcf8582021f056373f7d6d54ed6fdb86f3bdc6d88577652b1d
-
SSDEEP
24576:AyVW9BdXsTghUJm20F9GDNnBEx++Ejscm/xb6Q4maxEFCXPD94zwg:HIB+cgm2471fR4NEKrq
Malware Config
Extracted
amadey
3.70
212.113.119.255/joomla/index.php
Extracted
aurora
89.208.103.78:8081
Targets
-
-
Target
cc8cd1d3932a0fdf15f053ac0304178faff9e03eab73fc2b1e8c15b67fe9b40b
-
Size
1.1MB
-
MD5
6d5ada76a39f2adf0bdd49da0adc53d7
-
SHA1
8b5cf6001842cec93b7ef114adc66ab0a2ad716b
-
SHA256
cc8cd1d3932a0fdf15f053ac0304178faff9e03eab73fc2b1e8c15b67fe9b40b
-
SHA512
c934b5ffcda108ac01bb6491a30c79ff626fb63acd0eefa57edbe65932f576d3501d2524628aa3fcf8582021f056373f7d6d54ed6fdb86f3bdc6d88577652b1d
-
SSDEEP
24576:AyVW9BdXsTghUJm20F9GDNnBEx++Ejscm/xb6Q4maxEFCXPD94zwg:HIB+cgm2471fR4NEKrq
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Aurora
Aurora is a crypto wallet stealer written in Golang.
-
Modifies Windows Defender Real-time Protection settings
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-