Overview

overview

10

Static

static

Ejecución...49.exe

windows7_x64

10

Ejecución...49.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ejecución_De_Embargo1087682524110440457384889987429350028591104178436174773663625753785856169508441070649.exe

  • Size

    250KB

  • Sample

    210224-d8dgvcej2n

  • MD5

    5144f2c618edf5a258b02fc2b71beefd

  • SHA1

    69a27371c6c2f8db55ed23160945149a9011736e

  • SHA256

    4ae3ca87d8086b3d8beaca35c8d69db7b477f84111486caba6ff9682c5704b57

  • SHA512

    74a4e4be5b859f8edb999f0004cd7d13b4c56453de13379a073d6b077da691e291f89d3d0dcf791e623b6fd6bf5d16d3dfcc6df27fa43552a563227e98449567

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

2.11

C2

176.111.174.67/7Ndd3SnW/index.php

Targets

    • Target

      Ejecución_De_Embargo1087682524110440457384889987429350028591104178436174773663625753785856169508441070649.exe

    • Size

      250KB

    • MD5

      5144f2c618edf5a258b02fc2b71beefd

    • SHA1

      69a27371c6c2f8db55ed23160945149a9011736e

    • SHA256

      4ae3ca87d8086b3d8beaca35c8d69db7b477f84111486caba6ff9682c5704b57

    • SHA512

      74a4e4be5b859f8edb999f0004cd7d13b4c56453de13379a073d6b077da691e291f89d3d0dcf791e623b6fd6bf5d16d3dfcc6df27fa43552a563227e98449567

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks