amadey | d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
Size

1.5MB
Sample

231123-tnmmbaag27
MD5

32fd90862f9a7732ec49aad05ba343fe
SHA1

473a409ad0d6e896cedfa546c30b16b56355a11f
SHA256

d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
SHA512

6b89f4e1f9874d580f2fe7acede465d7f9c651e57072b6ea02be5b8eaa89a6d97e9dd9d5181c710a3e00a5645806307311c11fb85a280ad2b961a90d63efe6dd
SSDEEP

24576:ZQIsq2Q2GOAO4fCCy7gtlkJSfU2qZhGjZRDsKjuRui26a24UzhlMxO+znN:ZQIsq2Q2GOAO4fCZ7YlI2UioKCoi9zhM

Score

10^/10

amadey zgrat discovery rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3.exe

Resource

win10-20231023-en

amadey zgrat discovery rat spyware stealer trojan

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

4.12

C2

http://brodoyouevenlift.co.za

Attributes

install_dir
ce3eb8f6b2
install_file
Utsysc.exe
strings_key
c5b804d7b4c8a99f5afb89e5203cf3ba
url_paths
/g9sdjScV2/index.php

/vdhe8ejs3/index.php

rc4.plain

Targets

- Target
  
  d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
- Size
  
  1.5MB
- MD5
  
  32fd90862f9a7732ec49aad05ba343fe
- SHA1
  
  473a409ad0d6e896cedfa546c30b16b56355a11f
- SHA256
  
  d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3
- SHA512
  
  6b89f4e1f9874d580f2fe7acede465d7f9c651e57072b6ea02be5b8eaa89a6d97e9dd9d5181c710a3e00a5645806307311c11fb85a280ad2b961a90d63efe6dd
- SSDEEP
  
  24576:ZQIsq2Q2GOAO4fCCy7gtlkJSfU2qZhGjZRDsKjuRui26a24UzhlMxO+znN:ZQIsq2Q2GOAO4fCZ7YlI2UioKCoi9zhM
Score

10^/10

amadey zgrat discovery rat spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect ZGRat V1
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadeyzgratdiscoveryratspywarestealertrojan

© 2018-2024

Terms | Privacy