Overview

overview

10

Static

static

462874360a...e6.exe

windows7_x64

10

462874360a...e6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    462874360a3b4cff7c9fab2448ae25bca022253e71af71b128af502136e8b2e6.exe

  • Size

    345KB

  • Sample

    210408-frpd3t8tne

  • MD5

    ed4e77ea9305aeae3b545735358b6d1b

  • SHA1

    5aadcc89f95baf1452776f3b6a87cd2fbc89bd30

  • SHA256

    462874360a3b4cff7c9fab2448ae25bca022253e71af71b128af502136e8b2e6

  • SHA512

    4dee200e21281f63a6445c7ee9a2dec5003e6a854279b0b37cbd8121af182028e0c3f11b204c34d58bf7936ba4bd8dd936f82eac979e0081b21515797a47d641

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

2.14

C2

cdn12-web-security.com/gf4EdsW/index.php

shegw583reg.hopto.org/gf4EdsW/index.php

Targets

    • Target

      462874360a3b4cff7c9fab2448ae25bca022253e71af71b128af502136e8b2e6.exe

    • Size

      345KB

    • MD5

      ed4e77ea9305aeae3b545735358b6d1b

    • SHA1

      5aadcc89f95baf1452776f3b6a87cd2fbc89bd30

    • SHA256

      462874360a3b4cff7c9fab2448ae25bca022253e71af71b128af502136e8b2e6

    • SHA512

      4dee200e21281f63a6445c7ee9a2dec5003e6a854279b0b37cbd8121af182028e0c3f11b204c34d58bf7936ba4bd8dd936f82eac979e0081b21515797a47d641

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks