General
Target: https://github.com/warridge36/Adobe-Acrobat-Pro-Cracked
Sample: 240330-xs3qwacd7w
Score: 10/10
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/warridge36/Adobe-Acrobat-Pro-Cracked
Resource: win11-20240221-en
windows11-21h2-x64
19 signatures
150 seconds
Malware Config
Extracted
Family: amadey
Version: 4.19
C2:
http://185.196.10.188
http://45.159.189.140
http://89.23.103.42
Attributes
- install_dir: b4e248fdbd
- install_file: Dctooux.exe
- strings_key: 01edd7c913096383774168b5aeebc95e
- url_paths:
/hb9IvshS/index.php
/hb9IvshS2/index.php
/hb9IvshS3/index.php
rc4.plain
Targets
Target: https://github.com/warridge36/Adobe-Acrobat-Pro-Cracked
Score: 10/10
- Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger