General

  • Target

    3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63

  • Size

    1.1MB

  • Sample

    230420-chfs5seh65

  • MD5

    91aaadc1c227a5cca42e4837466d942a

  • SHA1

    ef63acc704859bc3a9affa47a8bd4dc61d78ac93

  • SHA256

    3defc4e0bb4850d146d58d53c2f991ad028da18f37b3204f5b44fb9aabe5fd63

  • SHA512

    74925295bc13c21dbfd441cfd6a3cf639873b3b5b52826aa361182d1ee1cd9080876bdd1dd3b700ab53019566f0d3821c60d7a78407e09898493a7b64002c09d

  • SSDEEP

    24576:0yge08B8I54qsprUQi4MhYoouPU2Bo5H:D35lOrUscYooSBo5

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.70

  • C2

    212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information from infected hosts.

    • Detect rhadamanthys stealer shellcode

    • Modifies Windows Defender Real-time Protection settings

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Windows security modification

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks