General

  • Target

    1022e82ce96f17dae4654aabb7aa6620cb36ff461c97a32859f1946c31b95c76

  • Size

    1.1MB

  • Sample

    230420-c6ekzsfa82

  • MD5

    d03fb76ee375f2a4c8b6022f76dcce07

  • SHA1

    29165788a382dc62a22e05e127f1e750662798f9

  • SHA256

    1022e82ce96f17dae4654aabb7aa6620cb36ff461c97a32859f1946c31b95c76

  • SHA512

    ddaa972b753258b25d835b81944d132b4897e81df8c357be4099c2cf61f823fba8fb3c27a4b6cad7c5103835c3db100cf0a7aa7310299f4c483b0e5094e5e87d

  • SSDEEP

    24576:7yX+HKSAW3zCaODuALAv0COfYl1maSWc8gFpE8VK/9:uX5SAW3zCJq30DqmahclFpk

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect rhadamanthys stealer shellcode

    • Modifies Windows Defender Real-time Protection settings

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Windows security modification

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks