General

  • Target

    b77d9cf0898f11009292cdddbeaf379d.exe

  • Size

    333KB

  • Sample

    210412-arnyhgwlks

  • MD5

    b77d9cf0898f11009292cdddbeaf379d

  • SHA1

    2af64c3097373bf1a583d43d4ff30487ad5b9646

  • SHA256

    2ca400a06037c9a9ea1e60c1cb577aad185efe8e184f6d44482c480b616d54d7

  • SHA512

    9e06f410a7c3a6712a601de289d7172f4473825f052ac1fc1b5a6cb9633feaaa8aac33e59114c0237907576b316cc3e393563bd3f7e66df287b3f0c3c45303a3

Score
10/10

Malware Config

Extracted

Family

amadey

Version

2.14

C2

cdn12-web-security.com/gf4EdsW/index.php

shegw583reg.hopto.org/gf4EdsW/index.php
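The config above gives two C2 URLs and a full hash set for the executable. As an added example (not code from the Triage report and not the Amadey authors' code), the following Python script turns those values into a hunt: it verifies a file's hashes against the report and flags proxy log lines whose host matches a C2, distinguishing an exact C2 path hit from other traffic to the same host. The proxy log format and every log line are constructed for illustration; `classify`, `scan_proxy_log` and `matches_sample` are hypothetical helper names.

```python
"""Added example, not part of the Triage report: match the report's IOCs
against file hashes and proxy log lines."""
import hashlib
import re
from urllib.parse import urlsplit

# Hashes and C2 URLs copied from the report above.
IOC_HASHES = {
    "md5": "b77d9cf0898f11009292cdddbeaf379d",
    "sha1": "2af64c3097373bf1a583d43d4ff30487ad5b9646",
    "sha256": "2ca400a06037c9a9ea1e60c1cb577aad185efe8e184f6d44482c480b616d54d7",
    "sha512": "9e06f410a7c3a6712a601de289d7172f4473825f052ac1fc1b5a6cb9633feaaa"
              "8aac33e59114c0237907576b316cc3e393563bd3f7e66df287b3f0c3c45303a3",
}
IOC_C2 = [
    "cdn12-web-security.com/gf4EdsW/index.php",
    "shegw583reg.hopto.org/gf4EdsW/index.php",
]

# Constructed proxy log lines (hypothetical format: ts src method url status).
LOGS = """\
2021-04-12T10:01:02Z 10.0.0.15 POST http://cdn12-web-security.com/gf4EdsW/index.php 200
2021-04-12T10:01:05Z 10.0.0.15 GET http://www.example.com/index.php 200
2021-04-12T10:02:11Z 10.0.0.22 POST http://shegw583reg.hopto.org/gf4EdsW/index.php 200
2021-04-12T10:03:00Z 10.0.0.30 GET http://legit.hopto.org/ 200
2021-04-12T10:04:00Z 10.0.0.15 GET http://cdn12-web-security.com/static/x.png 404
""".splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_hosts_and_paths(c2_list):
    """Split the report's scheme-less C2 strings into (host, path) pairs."""
    out = []
    for entry in c2_list:
        parts = urlsplit("http://" + entry)  # urlsplit needs a scheme to find the host
        out.append((parts.hostname.lower(), parts.path))
    return out


def classify(url, c2_list=IOC_C2):
    """'c2' for an exact host+path match, 'host' for the same host on another
    path, None otherwise. Hosts are compared exactly: shegw583reg.hopto.org is a
    dynamic-DNS name, so matching the hopto.org suffix would flag unrelated users."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for c2_host, c2_path in c2_hosts_and_paths(c2_list):
        if host == c2_host:
            return "c2" if parts.path == c2_path else "host"
    return None


def scan_proxy_log(lines):
    """Return (src, url, verdict) for every line that touches C2 infrastructure."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        verdict = classify(m["url"])
        if verdict:
            hits.append((m["src"], m["url"], verdict))
    return hits


def hash_file_bytes(data):
    """Compute every digest the report lists, so all four can be cross-checked."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data):
    """True only if all four digests agree with the report (one mismatch means
    a different file, however similar the name)."""
    computed = hash_file_bytes(data)
    return all(computed[k] == v for k, v in IOC_HASHES.items())


if __name__ == "__main__":
    for src, url, verdict in scan_proxy_log(LOGS):
        print(f"{verdict:4s} {src:10s} {url}")
    print("sample match:", matches_sample(b"not the sample"))
```

Run it on a real proxy export by replacing LOGS and adjusting LOG_RE to the export's column order; pass the suspect file's bytes to matches_sample to confirm it is this exact sample before reusing the report's behaviour findings.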

Targets

    • Target

      b77d9cf0898f11009292cdddbeaf379d.exe

    • Size

      333KB

    • MD5

      b77d9cf0898f11009292cdddbeaf379d

    • SHA1

      2af64c3097373bf1a583d43d4ff30487ad5b9646

    • SHA256

      2ca400a06037c9a9ea1e60c1cb577aad185efe8e184f6d44482c480b616d54d7

    • SHA512

      9e06f410a7c3a6712a601de289d7172f4473825f052ac1fc1b5a6cb9633feaaa8aac33e59114c0237907576b316cc3e393563bd3f7e66df287b3f0c3c45303a3

    Score
    10/10
    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Install Root Certificate       1      T1130
  Defense Evasion  Modify Registry                1      T1112
  Discovery        System Information Discovery   1      T1082

  (T1130 was retired after ATT&CK v6; current versions file it under T1553.004, Subvert Trust Controls: Install Root Certificate.)

Tasks