Amadey Bot Teams Up With SmokeLoader

While tracking the information-stealing malware Amadey Bot, the ASEC analysis team found it being installed by SmokeLoader. Recent campaigns distributing SmokeLoader have disguised it as cracked software. Once downloaded and executed, SmokeLoader injects itself into a running explorer.exe process and from there downloads Amadey Bot. When executed, Amadey copies itself to the Temp directory and establishes persistence through the Startup folder. With setup complete, Amadey collects system information and exfiltrates it to the attacker's command-and-control server. Amadey can then download additional modules or payloads for information stealing: DLL modules are executed with rundll32, and malicious executables are launched to tamper with Windows Defender configurations.
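The behaviour chain above maps onto a handful of host-telemetry rules: a Temp-resident binary spawned by explorer.exe, that binary writing into the Startup folder, rundll32 loading a module from Temp, and a Defender configuration change launched from Temp. The detector below is an added example written for this summary, not code from ASEC or Anvilogic. It walks constructed Sysmon-style process-creation (EventID 1) and file-creation (EventID 11) records; the file names, user paths and the specific Defender-tampering command lines it matches are assumptions, since the write-up only states that Defender settings are altered, not how.

```python
"""Added example: flag the Amadey/SmokeLoader behaviour chain in Sysmon-style events.

Field names follow Sysmon's schema (Image, ParentImage, CommandLine,
TargetFilename). All sample events and paths below are constructed.
"""
import re

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
STARTUP_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.IGNORECASE
)
# Assumed indicators of Defender tampering (PowerShell cmdlets or the registry
# policy key); the write-up does not name the exact commands Amadey uses.
DEFENDER_TAMPER_RE = re.compile(
    r"(Set-MpPreference\s+-Disable|Add-MpPreference\s+-Exclusion|"
    r"Windows Defender\\.*DisableAntiSpyware)",
    re.IGNORECASE,
)


def in_temp(path: str) -> bool:
    """True if a path (image, parent or command line) points into the user Temp dir."""
    return bool(TEMP_RE.search(path or ""))


def detect(events):
    """Return (rule_name, offending_image) tuples in event order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        parent = ev.get("ParentImage", "")
        cmd = ev.get("CommandLine", "")
        if eid == 1:
            # explorer.exe (where SmokeLoader injects) launching a binary from Temp
            if parent.lower().endswith("\\explorer.exe") and in_temp(image):
                findings.append(("explorer_spawns_temp_exe", image))
            # rundll32 loading a module from Temp, launched by a Temp-resident process
            if image.lower().endswith("\\rundll32.exe") and in_temp(cmd) and in_temp(parent):
                findings.append(("rundll32_temp_module", parent))
            # Defender configuration change driven by a Temp-resident parent
            if DEFENDER_TAMPER_RE.search(cmd) and in_temp(parent):
                findings.append(("defender_tamper_from_temp", parent))
        elif eid == 11:
            # Temp-resident process dropping a file into the Startup folder
            if STARTUP_RE.search(ev.get("TargetFilename", "")) and in_temp(image):
                findings.append(("startup_persistence_from_temp", image))
    return findings


# Constructed sample telemetry: four malicious events followed by two benign ones.
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\setup.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": TEMP_EXE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": TEMP_EXE},
    {"EventID": 11, "Image": TEMP_EXE,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup.lnk"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": TEMP_EXE,
     "CommandLine": r"rundll32.exe C:\Users\alice\AppData\Local\Temp\module.dll,Main"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": TEMP_EXE,
     "CommandLine": "powershell -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"EventID": 1, "Image": r"C:\Program Files\Git\git-bash.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "git-bash.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for rule, image in detect(SAMPLE_EVENTS):
        print(f"{rule}: {image}")
```

Any single rule here is noisy on its own (explorer.exe launching something from Temp happens whenever a user runs a fresh download); the value is in correlating several hits against the same Temp-resident image, which is why each finding carries the image rather than just the rule name.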
