185.215.113.17

URL: http://185.215.113.17/jG3cs2rP/login.php
Tags: c2 malware amadey
Submission: On February 18 via api from US

Form analysis: 1 form found in the DOM

POST login.php

<form action="login.php" method="post">
  <table width="515" height="481" background="images\bg_1.png">
    <tbody>
      <tr>
        <td align="center">
          <table border="0" height="120" cellpadding="0" cellspacing="0">
            <tbody>
              <tr>
                <td>
                </td>
                <td>
                  <div align="center">
                    <font size="2">a2021 "AMADEY"</font>&nbsp;&nbsp;&nbsp;&nbsp;
                  </div>
                </td>
              </tr>
              <tr>
                <td>
                  <img src="images\l0.png">
                </td>
                <td align="left">
                  <input type="text" class="task" name="login">
                </td>
              </tr>
              <tr>
                <td>
                  <img src="images\l1.png">
                </td>
                <td>
                  <input type="password" class="task" name="password">
                </td>
              </tr>
              <tr>
                <td>
                </td>
                <td>
                  <div align="center">
                    <input type="submit" class="button" value="Unlock">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                  </div>
                </td>
              </tr>
            </tbody>
          </table>
        </td>
      </tr>
    </tbody>
  </table>
</form>

Text Content

Authorisation
a2021 "AMADEY"