amadey | 60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
Size

1.3MB
Sample

231203-2fcq5sfg61
MD5

28995fd2b7e5c574cd5c910d2f1fa923
SHA1

38d8be92979b5a6cbb7a45df58cc1d41ce5f7a9a
SHA256

60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
SHA512

ad33ea0538c85b21123a71bfb79fab22ba96e45d1f95da0d38b69eeee96d0fc91da620b5a30c771f66600593ccc57293a2073a4888930b9aa8de7bc735da7325
SSDEEP

24576:CIf0vEXsfmUSIPhLNdG0LwXtvhJmyNDnG:xfWtdPzdG0UU

Score

10^/10

amadey purelogs zgrat rat stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc.exe

Resource

win7-20231025-en

purelogs zgrat rat stealer

windows7-x64

10 signatures

300 seconds

Behavioral task

behavioral2

Sample

60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc.exe

Resource

win10-20231020-en

amadey purelogs zgrat rat stealer trojan

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

amadey

C2

http://185.196.8.195

http://brodoyouevenlift.co.za

Attributes

strings_key
f7f36516fd699a26f0da3d64fdf9988f
url_paths
/u6vhSc3PPq/index.php
/jjuhhsa73/index.php
/k92lsA3dpb/index.php

rc4.plain

Targets

- Target
  
  60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
- Size
  
  1.3MB
- MD5
  
  28995fd2b7e5c574cd5c910d2f1fa923
- SHA1
  
  38d8be92979b5a6cbb7a45df58cc1d41ce5f7a9a
- SHA256
  
  60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
- SHA512
  
  ad33ea0538c85b21123a71bfb79fab22ba96e45d1f95da0d38b69eeee96d0fc91da620b5a30c771f66600593ccc57293a2073a4888930b9aa8de7bc735da7325
- SSDEEP
  
  24576:CIf0vEXsfmUSIPhLNdG0LwXtvhJmyNDnG:xfWtdPzdG0UU
Score

10^/10

purelogs zgrat rat stealer amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect PureLogs payload
- Detect ZGRat V1
- PureLogs
  PureLogs is an infostealer written in C#.
  stealer purelogs
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

purelogszgratratstealer

behavioral2

amadeypurelogszgratratstealertrojan

© 2018-2024

Terms | Privacy