Malware Analysis – Amadey Malware | HTA VBScript to Powershell Batch | Remnux and Flarevm

Comments off | script By · 21/06/2023



Malware Analysis – Amadey Malware | HTA VBScript to Powershell Batch | Remnux and Flarevm

Malware Analysis - Amadey Malware | HTA VBScript to Powershell Batch | Remnux and Flarevm

In this video, we analyze yet another malware…the Amadey malware. This is basically a botnet that appeared around 2018 and acts as a payload downloader. It calls these payloads tasks.

00:00 Intro
02:45 First look
04:04 Stage1 Deobfuscation Start
05:18 Stage2 Powershell deobfuscation
08:48 Stage3 Powershell Payload
10:02 Stage3 Payload Deobfuscation
10:38 Stage4 Obfuscated Look
11:04 Stage4 cleanup
12:16 Stage4 C2 Obfuscator Function
12:42 Custom Python C2 Bytestream Decoder
16:28 Wget Amadey_SC.bat
18:22 Amadey cleanup
24:11 Failed Amadey Payload Deobfuscation
25:30 Virus Total Stage4 and Stage5
26:47 Huh?!? That’s ODD
28:01 About Amadey
28:36 SHA256 finds Amadey_SC.bat
29:16 Today is the Day!!!
30:12 End

53GB.COM GPTSTORE CPU Yougpt Gptsio Gpt-store-Nav