ed4e77ea9305aeae3b545735358b6d1b.exe

General
Target

ed4e77ea9305aeae3b545735358b6d1b.exe

Size

345KB

Sample

210408-e9vtp1qwwe

Score

10/10

MD5

ed4e77ea9305aeae3b545735358b6d1b

SHA1

5aadcc89f95baf1452776f3b6a87cd2fbc89bd30

SHA256

462874360a3b4cff7c9fab2448ae25bca022253e71af71b128af502136e8b2e6

SHA512

4dee200e21281f63a6445c7ee9a2dec5003e6a854279b0b37cbd8121af182028e0c3f11b204c34d58bf7936ba4bd8dd936f82eac979e0081b21515797a47d641

Malware Config

Extracted

Family amadey
Version 2.14
C2

cdn12-web-security.com/gf4EdsW/index.php

shegw583reg.hopto.org/gf4EdsW/index.php

Targets
Signatures

  • Amadey

    Description

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10