amadey | a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998
Size

908KB
Sample

231203-2mcdysfg84
MD5

eace63ea1948f012941dd4a9b3ac3c94
SHA1

a405bafadae7f27a3dbe108e8690034fe45b3330
SHA256

a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998
SHA512

3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024
SSDEEP

24576:emL7X62LBPsHdB3irLKfM9WCjC3NnOBk5/s0v1n3:JW2LBECUCjC5l5k0v

Score

10^/10

amadey purelogs zgrat persistence rat spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe

Resource

win7-20231023-en

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe

Resource

win10-20231020-en

amadey purelogs zgrat persistence rat spyware stealer trojan

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Extracted

Family

amadey

C2

http://185.196.8.195

http://brodoyouevenlift.co.za

Attributes

strings_key
f7f36516fd699a26f0da3d64fdf9988f
url_paths
/u6vhSc3PPq/index.php

/jjuhhsa73/index.php

/k92lsA3dpb/index.php

rc4.plain

Targets

- Target
  
  a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998
- Size
  
  908KB
- MD5
  
  eace63ea1948f012941dd4a9b3ac3c94
- SHA1
  
  a405bafadae7f27a3dbe108e8690034fe45b3330
- SHA256
  
  a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998
- SHA512
  
  3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024
- SSDEEP
  
  24576:emL7X62LBPsHdB3irLKfM9WCjC3NnOBk5/s0v1n3:JW2LBECUCjC5l5k0v
Score

10^/10

zgrat rat amadey purelogs persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect PureLogs payload
- Detect ZGRat V1
- PureLogs
  PureLogs is an infostealer written in C#.
  stealer purelogs
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadeypurelogszgratpersistenceratspywarestealertrojan

© 2018-2025

Terms | Privacy