General

  • Target: 1.exe
  • Size: 6KB
  • Sample: 230720-adj9nabg73
  • MD5: 7487dc64d989f425e6f9423ea010a0cb
  • SHA1: 1589c6f4b75968ccd77d4929272d619cdd22b491
  • SHA256: 482a4cf3eb221445e7d2b45dff43b565d6c203170313f0fad30aa920f61747ad
  • SHA512: 0f83aea200ad6b6a4a268abc793000445202388057afdf76db8d3cf4f9b15f95a13af4edb8d96f12574ca773c626224703293afd6447c84dc172558b7bf305ee
  • SSDEEP: 96:NAuz8uzSluz+U2gJahPiDHrtedYfzJ0pkuw5bzNt:yzdlk2xhPiLRedYtokD9

Malware Config

Extracted

  • Family: amadey
  • Version: 3.80
  • C2:
    45.15.156.208/jd9dd3Vw/index.php
    second.amadgood.com/jd9dd3Vw/index.php

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: k2l0

  • Decoy: (list of decoy domains omitted)

Extracted

  • Family: darkcloud
  • Attributes

Targets

    • Target: 1.exe (6KB; hashes as listed under General above)

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • DarkCloud: An information stealer written in Visual Basic.
    • Formbook: Formbook is an information-stealing malware family.
    • Lumma Stealer: An infostealer written in C++, first seen in August 2022.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Formbook payload
    • Downloads MZ/PE file
    • .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
    • Themida packer: Detects Themida, an advanced Windows software protection system.

MITRE ATT&CK Enterprise v6

Tasks