Tag: amadey

10 Attack Reports | 0 Vulnerabilities

Attack reports

I StealC You: Tracking the Rapid Changes To Steal

StealC V2, introduced in March 2025, is an enhanced version of the popular information stealer and malware downloader. Key updates include a streamlined JSON-based C2 communication protocol with RC4 encryption, expanded payload delivery options (MSI packages and PowerShell scripts), and a redesigne…
obfuscation
amadey
credential harvesting
stealc
information stealer
2025-05-02
rc4 encryption
Published: May 2, 2025
Downloadable IOCs: 0

Where to Find Aspiring Hackers

This analysis focuses on Proton66, a bulletproof hosting network enabling cybercrime operations and serving as a hub for aspiring cybercriminals. It examines the activities of a threat actor known as 'Coquettte,' who is linked to the Horrid hacking group. The investigation reveals a fake cybersecur…
amadey
lumma stealer
cybercrime
vidar
infostealers
penguish
rugmi
2025-04-04
rescoms
proton66
bulletproof hosting
recordbreaker
horrid hacking group
amateur hackers
fake cybersecurity
rugmi malware
Published: April 4, 2025
Downloadable IOCs: 0

Amateur Hacker Leverages Bulletproof Hosting Server to Spread Malware

A novice cybercriminal, known as 'Coquettte', has been discovered using a Russian bulletproof hosting provider, Proton66, to distribute malware. The hacker's activities include deploying the Rugmi malware loader through a fake cybersecurity product website and selling guides for illegal substances …
amadey
lumma stealer
vidar
rugmi
2025-04-03
rescoms
amateur hacker
proton66
cybercrime incubator
bulletproof hosting
fake antivirus
raccoon stealer v2
illegal guides
horrid collective
Published: April 3, 2025
Downloadable IOCs: 6

How Cracks and Installers Bring Malware to Your Device

Trend Micro research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.
amadey
vidar
urls
penguish
lummastealer
ioc
privateloader
malware detection
2025-01-14
revil
c2 servers
cyber threats
marsstealer
domains
rugmi
sodinokibi
hashes
sodin
Published: January 14, 2025
Downloadable IOCs: 0

Frequent freeloader: Russian actor using tools of other groups to attack Ukraine

Russian nation-state actor Secret Blizzard has been observed using tools and infrastructure from other threat actors to compromise targets in Ukraine. Between March and April 2024, Secret Blizzard utilized the Amadey bot malware associated with cybercriminal activity to deploy its custom Tavdig and…
ukraine
amadey
secret blizzard
2024-12-13
kazuarv2
Published: December 13, 2024
Downloadable IOCs: 0

Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices

A malicious botnet called Socks5Systemz is operating a proxy service named PROXY.AM, utilizing over 85,000 compromised devices. The botnet, active since 2013, aims to turn infected systems into proxy exit nodes for cybercriminals seeking to obscure their attack sources. Initially boasting around 25…
botnet
amadey
cybercrime
smokeloader
proxy service
socks5systemz
2024-12-09
privateloader
exit nodes
hacked devices
proxy.am
Published: December 9, 2024
Downloadable IOCs: 2

Malicious CAPTCHA delivers Lumma and Amadey Trojans

An adware campaign targets online users by presenting them with fake CAPTCHA or update prompts, tricking them into running malicious PowerShell commands that deploy credential-stealing malware like Lumma and Amadey. The attackers leverage ad networks to redirect victims to compromised sites hosting…
malvertising
adware
remcos
amadey
infostealers
social-engineering
lumma
captcha
2024-10-29
Published: October 29, 2024
Downloadable IOCs: 1

Zharkbot Strings

Zharkbot is a C++ downloader with extensive anti-analysis and anti-sandbox features. It uses in-line string encryption and API calls, making static and emulation analysis challenging. The malware performs sandbox detection by checking for specific usernames and hypervisors. It installs itself in th…
persistence
anti-analysis
amadey
downloader
2024-09-03
anti-sandbox
string encryption
c2 communication
zharkbot
Published: September 3, 2024
Downloadable IOCs: 2

Unfurling Hemlock: Threat group uses cluster bomb campaigns

A threat actor dubbed Unfurling Hemlock has been observed distributing hundreds of thousands of malware samples in a campaign lasting several months. The malware is distributed using a 'cluster bomb' technique where each sample contains multiple stages of nested executable files, each containing ad…
amadey
redline
smokeloader
2024-07-01
risepro
mystic stealer
cluster bomb
mass distribution
eastern european
stealers
Published: July 1, 2024
Downloadable IOCs: 55

HijackLoader Updates

HijackLoader, also known as IDAT Loader, is a modular malware loader capable of executing multiple payloads. It utilizes a variety of modules for code injection, execution, and evasion techniques. This report analyzes the updated version of HijackLoader, which includes new modules for bypassing Win…
rat
evasion
rhadamanthys
stealer
remcos
2024-05-03
2024-05-04
2024-05-05
2024-05-06
2024-05-07
amadey
lumma stealer
injection
modular
racoon stealer v2
malware loader
meta stealer
Published: May 7, 2024
Downloadable IOCs: 11
Click here to see more Attack Reports