amadey | d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e | Triage

Submit
Reports

Overview

overview

Static

static

3

d0f7fb0700...9e.exe

windows7-x64

d0f7fb0700...9e.exe

windows10-2004-x64

Sharing

General

Target

d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e.exe
Size

2.3MB
Sample

240327-c6jjyaah54
MD5

90c738cebe2f8dda5d53e777ad286a43
SHA1

58daf4a99c9c148f38b3e6173d5f7ac01bcfaf16
SHA256

d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e
SHA512

7b77c041a5e1548403db8f749c90209a5bb4a8c1c178003d7af2641f94e1745b6e89abadfed441dd41c492cd134863afb57353a918d94ce308b2884cfdf29620
SSDEEP

49152:Trp/mzum6MFkh5lLEwloDrFHJ/PXbU2HSu8KiDDjCBrVaQWMZ00r:8zum6My14wmDrFH9XcuuDDGBxaU2a

Score

10^/10

amadey zgrat persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e.exe

Resource

win7-20240319-en

amadey zgrat persistence rat trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e.exe

Resource

win10v2004-20240226-en

zgrat persistence rat

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://ruspyc.top

Attributes

install_dir
5027aaabaf
install_file
Dctooux.exe
strings_key
ea32980f4b5f2367967b03fa80659f80
url_paths
/j4Fvskd3/index.php

rc4.plain

Targets

- Target
  
  d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e.exe
- Size
  
  2.3MB
- MD5
  
  90c738cebe2f8dda5d53e777ad286a43
- SHA1
  
  58daf4a99c9c148f38b3e6173d5f7ac01bcfaf16
- SHA256
  
  d0f7fb07005ab151b76ab0cd9f5b45a7d319fb3273044c2f5b66a491c6161f9e
- SHA512
  
  7b77c041a5e1548403db8f749c90209a5bb4a8c1c178003d7af2641f94e1745b6e89abadfed441dd41c492cd134863afb57353a918d94ce308b2884cfdf29620
- SSDEEP
  
  49152:Trp/mzum6MFkh5lLEwloDrFHJ/PXbU2HSu8KiDDjCBrVaQWMZ00r:8zum6My14wmDrFH9XcuuDDGBxaU2a
Score

10^/10

amadey zgrat persistence rat trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect ZGRat V1
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyzgratpersistencerattrojan

behavioral2

zgratpersistencerat

© 2018-2024

Terms | Privacy