amadey

General

Target

60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
Size

1.3MB
Sample

231203-2fcq5sfg61
MD5

28995fd2b7e5c574cd5c910d2f1fa923
SHA1

38d8be92979b5a6cbb7a45df58cc1d41ce5f7a9a
SHA256

60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
SHA512

ad33ea0538c85b21123a71bfb79fab22ba96e45d1f95da0d38b69eeee96d0fc91da620b5a30c771f66600593ccc57293a2073a4888930b9aa8de7bc735da7325
SSDEEP

24576:CIf0vEXsfmUSIPhLNdG0LwXtvhJmyNDnG:xfWtdPzdG0UU

Score

10^/10

Malware Config

Extracted

Family

amadey

C2

http://185.196.8.195

http://brodoyouevenlift.co.za

Attributes

strings_key
f7f36516fd699a26f0da3d64fdf9988f
url_paths
/u6vhSc3PPq/index.php

/jjuhhsa73/index.php

/k92lsA3dpb/index.php

rc4.plain

Targets

- Target
  
  60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
- Size
  
  1.3MB
- MD5
  
  28995fd2b7e5c574cd5c910d2f1fa923
- SHA1
  
  38d8be92979b5a6cbb7a45df58cc1d41ce5f7a9a
- SHA256
  
  60c0ab0cdcb4e608b2b400d19ad7e6b0705a85628bdf9b8ca42efe16cb07ccbc
- SHA512
  
  ad33ea0538c85b21123a71bfb79fab22ba96e45d1f95da0d38b69eeee96d0fc91da620b5a30c771f66600593ccc57293a2073a4888930b9aa8de7bc735da7325
- SSDEEP
  
  24576:CIf0vEXsfmUSIPhLNdG0LwXtvhJmyNDnG:xfWtdPzdG0UU
Score

10^/10

purelogs zgrat rat stealer amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect PureLogs payload
- Detect ZGRat V1
- PureLogs
  PureLogs is an infostealer written in C#.
  stealer purelogs
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PureLogs payload

Detect ZGRat V1

PureLogs

ZGRat

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2