Deconstructing Amadey's Latest Multi-Stage Attack and Malware Distribution | McAfee Blog
Common Information
Type Value
UUID 4fb83dae-813f-4fa6-a362-c106ff34dc64
Fingerprint 86040958a1339780
Analysis status DONE
Considered CTI value 2
Text language
Published May 5, 2023, 9:30 p.m.
Added to db Nov. 6, 2023, 7:10 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Deconstructing Amadey’s Latest Multi-Stage Attack and Malware Distribution
Title Deconstructing Amadey's Latest Multi-Stage Attack and Malware Distribution | McAfee Blog
Detected Hints/Tags/Attributes 80/3/51
Attributes
Details Type #Events CTI Value
Details File 11 wextract.exe
Details File 1 cydn.exe
Details File 1 vona.exe
Details File 1 aydx.exe
Details File 1 mika.exe
Details File 1 healer.exe
Details File 2 mnolyk.exe
Details File 10 cred.dll
Details File 5 clip.dll
Details File 1 fuka.exe
Details File 1 nikas.exe
Details File 1 igla.exe
Details File 1 nocr.exe
Details File 1 lebro.exe
Details File 249 schtasks.exe
Details File 14 cacls.exe
Details File 60 c:\windows\system32\schtasks.exe
Details File 1 c:\users\test\appdata\local\temp\5eb6b96734\mnolyk.exe
Details File 1 fukka.exe
Details File 1 samarium.exe
Details File 1 bvpf.exe
Details File 1 cmkmka.exe
Details File 1 nightskywalker.exe
Details File 48 applaunch.exe
Details File 1 alary.exe
Details File 3 nbveek.exe
Details File 1 setupff.exe
Details File 1018 rundll32.exe
Details File 8 clip64.dll
Details File 7 cred64.dll