General

  • Target

    9dc7f9393f54a7bf933471b7ab6112bc.bin

  • Size

    1.2MB

  • Sample

    230420-b3t1tsgg3x

  • MD5

    ddb4d3fdb6be4caddf6984f58577bfd8

  • SHA1

    278cda44bb103f72a3651d641f6bde381749f11c

  • SHA256

    a42665d5c059292f531f025fe191f58a017baef95c4b56b05c0423d18dd75d61

  • SHA512

    61923aec6fc09b8d70fda249e024923c272227450a0faea46e52acbcfbbe7bcdc6605fd6c9ccbd010a10c4783f2e615ece588db8a6b7fdf001a7fd24c4c64916

  • SSDEEP

    24576:zUn1o++S8BReiRlAbQRKWcYXhdR4PuJ2dKQ70bqHlj7RjhBtTA:E1o+RewiRQgcSh4g2HhtXFA

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.70

  • C2

    212.113.119.255/joomla/index.php

Targets

    • Target

      fb6ce24e85b41bb956eb4de5e5da0139c7fde30c9d535ab4e2d4fb710bf3650c.exe

    • Size

      1.2MB

    • MD5

      9dc7f9393f54a7bf933471b7ab6112bc

    • SHA1

      fb89c78489c12820ac134a72a630d26269cd9e7f

    • SHA256

      fb6ce24e85b41bb956eb4de5e5da0139c7fde30c9d535ab4e2d4fb710bf3650c

    • SHA512

      0214f796de70ef859b8cf12b21c2761a574660fc7a5a3781f9ddf346cb18b2ba2edcd3e14984eeb24b79358ee7f0cc3d78bc72496714b8a5b76b4b6bb2f00f00

    • SSDEEP

      24576:kyvWSSmy9HZ0azlkqBAfuLF8vYffHleFhzogIcg2XUp8sl/F8:zuSkHhCfua4eFhzsctTa/F

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect rhadamanthys stealer shellcode

    • Modifies Windows Defender Real-time Protection settings

    • Rhadamanthys

      Rhadamanthys is an infostealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks