Amadey Bot Disguised as a Famous Korean Messenger Program Being Distributed - ASEC BLOG
Common Information
Type | Value
UUID | ad764e16-0cf4-4fc2-a315-c0de67f8a7fc
Fingerprint | 9d148fdf05b3068f
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Oct. 25, 2022, 10:04 a.m.
Added to db | Jan. 16, 2023, 3:52 p.m.
Last updated | Nov. 18, 2024, 1:38 a.m.
Headline | Amadey Bot Disguised as a Famous Korean Messenger Program Being Distributed
Title | Amadey Bot Disguised as a Famous Korean Messenger Program Being Distributed - ASEC BLOG
Detected Hints/Tags/Attributes | 31/2/21
Source URLs
Attributes