amadey | hxxps://github[.]com/warridge36/Adobe-Acrobat-Pro-Cracked | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com/w...

windows11-21h2-x64

Sharing

General

Target

https://github.com/warridge36/Adobe-Acrobat-Pro-Cracked
Sample

240330-xs3qwacd7w

Score

10^/10

amadey rhadamanthys stealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com/warridge36/Adobe-Acrobat-Pro-Cracked

Resource

win11-20240221-en

amadey rhadamanthys stealer trojan

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

4.19

C2

http://185.196.10.188

http://45.159.189.140

http://89.23.103.42

Attributes

install_dir
b4e248fdbd
install_file
Dctooux.exe
strings_key
01edd7c913096383774168b5aeebc95e
url_paths
/hb9IvshS/index.php

/hb9IvshS2/index.php

/hb9IvshS3/index.php

rc4.plain

Targets

- Target
  
  https://github.com/warridge36/Adobe-Acrobat-Pro-Cracked
Score

10^/10

amadey rhadamanthys stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

amadeyrhadamanthysstealertrojan

© 2018-2024

Terms | Privacy