General

  • Target

    6134101dfecc45cceca53f85697693863a43ccb13e6028ce655d0885cadc128e

  • Size

    1.1MB

  • Sample

    230420-egpe1ahd5y

  • MD5

    d99b95e45bb77629e36148da8a3ae8e7

  • SHA1

    c8cbaf67b1421e1b648b59bb034009ccb3bf2c5e

  • SHA256

    6134101dfecc45cceca53f85697693863a43ccb13e6028ce655d0885cadc128e

  • SHA512

    6ec3fcc0184b4a7455f4a5f3719a955597ba6a8552a8676ee234f921583970615f3e05507e8d7f78942866dc89217627f6e265a0b4b0f292e9415679885cd2c0

  • SSDEEP

    24576:wyoI57TE/bLARVc+VtkXdE61Hw1ymgrbVn6JWpVpNUFZFHSsD8:3J57TW4R/L1yZVGWzpajFH

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.70

  • C2

    212.113.119.255/joomla/index.php

Targets


    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect rhadamanthys stealer shellcode

    • Modifies Windows Defender Real-time Protection settings

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++, first seen in August 2022.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Windows security modification

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
