Overview

overview

10

Static

static

3

4363463463...63.exe

windows7-x64

8

4363463463...63.exe

windows10-2004-x64

8

4363463463...63.exe

windows11-21h2-x64

10

Resubmissions

14-02-2025 01:10

250214-bjsnnayne1 10

14-02-2025 01:00

250214-bc5pmsymhw 10

13-02-2025 05:01

250213-fnkwtstpgw 10

13-02-2025 04:24

250213-e1kk6atmaz 10

13-02-2025 04:08

250213-eqe8patkgx 8

12-02-2025 23:56

250212-3yzt3azrdx 10

12-02-2025 23:44

250212-3rgd5szmbm 10

12-02-2025 23:19

250212-3a9dlazkep 10

12-02-2025 13:32

250212-qs211ssrfr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Downloaders.zip

  • Size

    12KB

  • Sample

    250214-bc5pmsymhw

  • MD5

    94fe78dc42e3403d06477f995770733c

  • SHA1

    ea6ba4a14bab2a976d62ea7ddd4940ec90560586

  • SHA256

    16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267

  • SHA512

    add85726e7d2c69068381688fe84defe820f600e6214eff029042e3002e9f4ad52dde3b8bb28f4148cca1b950cd54d3999ce9e8445c4562d1ef2efdb1c6bdeff

  • SSDEEP

    384:6BfwcSEp9ZjKXSBIDv4dDfjlMJ7HWTHWB:efACW6Dr8HWTHWB

Score
10/10
amadeyasyncratstealcstealerium7c4393defaultqqtalkdiscoveryratstealertrojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

14.243.221.170:3322

Mutex

ynBzTukwLg8N

Attributes
  • delay

    3

  • install

    false

  • install_file

    Clean.bat

  • install_folder

    %Temp%

aes.plain

Extracted

Family

stealc

Botnet

QQtalk

C2

http://154.216.17.90

Attributes
  • url_path

    /a48146f6763ef3af.php

Extracted

Family

amadey

Version

5.03

Botnet

7c4393

C2

http://185.215.113.217

Attributes
  • install_dir

    f9c76c1660

  • install_file

    corept.exe

  • strings_key

    9808a67f01d2f0720518035acbde7521

  • url_paths

    /CoreOPT/index.php

rc4.plain

Extracted

Family

stealerium

C2

https://api.telegram.org/bot6926474815:AAFx9tLAnf5OAVQZp2teS3G2_6T1wCP67xM/sendMessage?chat_id=-4224073938

Targets

    • Target

      4363463463464363463463463.exe

    • Size

      10KB

    • MD5

      2a94f3960c58c6e70826495f76d00b85

    • SHA1

      e2a1a5641295f5ebf01a37ac1c170ac0814bb71a

    • SHA256

      2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce

    • SHA512

      fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

    • SSDEEP

      192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

    Score
    10/10
    discoveryamadeyasyncratstealcstealerium7c4393defaultqqtalkratstealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Asyncrat family

      asyncrat

    • Stealc

      Stealc is an infostealer written in C++.

      stealerstealc

    • Stealc family

      stealc

    • Stealerium

      An open source info stealer written in C# first seen in May 2022.

      stealerstealerium

    • Stealerium family

      stealerium

    • Async RAT payload

      rat

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks