General

  • Target

    d3045e08049b7dbd97bf0140a5cf71d798ea21ca46c930f17d63710303cf13df

  • Size

    1.1MB

  • Sample

    230420-dapxhshb4x

  • MD5

    ecf64962bf1f371496940c9b05a1d48f

  • SHA1

    44f198dc6336255fc772c1f45af03579569f863e

  • SHA256

    d3045e08049b7dbd97bf0140a5cf71d798ea21ca46c930f17d63710303cf13df

  • SHA512

    33f79cde599a5401eb7fdd2162649d5aa2e84dbc3bd7861f3e9dddd03ab1bb19cb24134cac15f37929c55eeb9574c9565f9d78dd915d71a9cdc2a8b2695c84bf

  • SSDEEP

    24576:lyihM8w7C8Vd8vuhnaWEi2XvaVSt7doXFoXTyVrTB+kIf:A+M81cdL/2Xvws72FWYTokI

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.70

  • C2

    212.113.119.255/joomla/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect rhadamanthys stealer shellcode

    • Modifies Windows Defender Real-time Protection settings

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Windows security modification

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks