Amadey Loader

Malware Profile Updated 13 days ago
Amadey Loader is malware: software written to infiltrate and damage computer systems. It typically gains its initial foothold through suspicious downloads, email attachments, or compromised websites, usually without the user noticing. Once resident, it can steal personal information, disrupt operations, or hold data hostage for ransom. Amadey Loader is particularly harmful because it can load and decrypt further payloads, which makes it a significant threat. Despite claims by their developers that Remcos and GuLoader are legitimate software, our investigations have revealed otherwise. We found malicious payloads in this folder linked to Amadey Loader, together with the corresponding GuLoader shellcodes that decrypt those payloads. We also found evidence pointing to the use of other well-known malware, such as Formbook and Amadey Loader, in cyber attacks. The evidence further implicates an individual known as EMINэM in these attacks: this person has been found to distribute not only Remcos and GuLoader but also notorious malware such as Formbook and Amadey Loader. The comprehensive proof of EMINэM's involvement in distributing these families marks a significant development in our understanding of these threats.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are possible overlapping names and profiles that may also be worth reviewing.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Amadey Loader malware was read from the document corpus below. This display is limited to 20 results.
Source: Checkpoint | Created: 8 months ago | Title: Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos - Check Point Research