General

  • Target

    37ad471d4b3ea1644bb111bacdf6306189214c900ee8882c3b85cab7d5a67351.exe

  • Size

    265KB

  • Sample

    210414-3fvnm8dkqx

  • MD5

    92ece8f284c4ce928877ec8352206284

  • SHA1

    8386f3af52aa8505d1e668dc7bfecf48c37e8387

  • SHA256

    37ad471d4b3ea1644bb111bacdf6306189214c900ee8882c3b85cab7d5a67351

  • SHA512

    1244cb322a2b7b4dca51301f23e7fcd0bab5c0c39e371244100b7e1eb79d54d8eea49ae34facf56f397b5991907bb3f1e8de07fc99731306f710066905fb53f8

Score
10/10

Malware Config

Extracted

Family

amadey

Version

2.14

C2

cdn12-web-security.com/gf4EdsW/index.php

shegw583reg.hopto.org/gf4EdsW/index.php
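As an added example (not part of the sandbox report), the following Python turns the indicators above into a local check: it hashes a file against the report's MD5/SHA1/SHA256/SHA512 and scans a proxy log for the two C2 hosts and the Amadey URL path. The log format (epoch timestamp, client IP, method, URL) and the log lines are constructed for the example. Both C2 URLs in the extracted config share the path `/gf4EdsW/index.php`, so a path-only match on an unknown host (the `198.51.100.7` line) is recorded as a lower-confidence hit rather than ignored.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators taken from this report (Amadey 2.14 sample).
SAMPLE_HASHES = {
    "md5": "92ece8f284c4ce928877ec8352206284",
    "sha1": "8386f3af52aa8505d1e668dc7bfecf48c37e8387",
    "sha256": "37ad471d4b3ea1644bb111bacdf6306189214c900ee8882c3b85cab7d5a67351",
    "sha512": "1244cb322a2b7b4dca51301f23e7fcd0bab5c0c39e371244100b7e1eb79d54d8"
              "eea49ae34facf56f397b5991907bb3f1e8de07fc99731306f710066905fb53f8",
}
C2_URLS = [
    "cdn12-web-security.com/gf4EdsW/index.php",
    "shegw583reg.hopto.org/gf4EdsW/index.php",
]
C2_HOSTS = {urlsplit("http://" + u).hostname for u in C2_URLS}
C2_PATH = "/gf4EdsW/index.php"  # shared by both C2 URLs in the extracted config


def file_digests(data: bytes) -> dict:
    """Hex digests of a file's bytes for every algorithm in SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_matches(digests: dict) -> list:
    """Names of the report hashes that the supplied digests match (empty if none)."""
    return [name for name, value in SAMPLE_HASHES.items() if digests.get(name) == value]


# Constructed proxy-log format for the example: "<epoch> <client-ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

SAMPLE_LOG = [  # constructed lines, not taken from the sandbox run
    "1618443001.123 10.0.0.15 POST http://cdn12-web-security.com/gf4EdsW/index.php",
    "1618443002.456 10.0.0.15 GET http://www.example.com/index.html",
    "1618443003.789 10.0.0.22 POST http://198.51.100.7/gf4EdsW/index.php",
    "1618443004.012 10.0.0.15 POST http://shegw583reg.hopto.org/gf4EdsW/index.php",
]


def scan_proxy_log(lines) -> list:
    """Return (client, host, path, reasons) for every request touching the C2 indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = m.group("url")
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower()
        reasons = []
        if host in C2_HOSTS:
            reasons.append("known Amadey C2 host")
        if parts.path == C2_PATH:
            # The panel path alone can point at a C2 host not yet in the indicator list.
            reasons.append("Amadey C2 path (lower confidence on its own)")
        if reasons:
            hits.append((m.group("src"), host, parts.path, reasons))
    return hits


if __name__ == "__main__":
    for client, host, path, reasons in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {host}{path}: {', '.join(reasons)}")
```

To check a file on disk, pass `open(path, "rb").read()` to `file_digests` and feed the result to `hash_matches`; any non-empty result means the bytes are exactly this sample (a repacked build will not match and needs the network or behavioural indicators instead).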

Targets

    • Target

      37ad471d4b3ea1644bb111bacdf6306189214c900ee8882c3b85cab7d5a67351.exe

    • Size

      265KB

    • MD5

      92ece8f284c4ce928877ec8352206284

    • SHA1

      8386f3af52aa8505d1e668dc7bfecf48c37e8387

    • SHA256

      37ad471d4b3ea1644bb111bacdf6306189214c900ee8882c3b85cab7d5a67351

    • SHA512

      1244cb322a2b7b4dca51301f23e7fcd0bab5c0c39e371244100b7e1eb79d54d8eea49ae34facf56f397b5991907bb3f1e8de07fc99731306f710066905fb53f8

    Score
    10/10
    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the calling thread is hidden from an attached debugger)

    • Suspicious use of SetThreadContext (commonly used to redirect execution into injected code)

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 1
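The Install Root Certificate (T1130) finding above is one that can be verified on an endpoint after the fact, because adding a root certificate through the Windows API writes a Blob value under the SystemCertificates\Root store, which registry auditing records. As an added example (not from the sandbox or the Amadey authors), the Python below runs that check over Sysmon-style events rendered as key=value lines for the example (real Sysmon output is XML; Event ID 13 is RegistryEvent, Value Set). The registry paths are the standard machine and per-user root stores; the process names, SID and thumbprints are constructed.

```python
import re

# Constructed key=value rendering of Sysmon events (real events are XML).
# Event ID 13 = "RegistryEvent (Value Set)". Paths and thumbprints are made up.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Users\user\AppData\Local\Temp\sample.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates"
    r"\A0B1C2D3E4F5A6B7C8D9E0F1A2B3C4D5E6F7A8B9\Blob",
    r"EventID=13 Image=C:\Windows\System32\svchost.exe "
    r"TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Hostname",
    r"EventID=1 Image=C:\Users\user\AppData\Local\Temp\sample.exe CommandLine=sample.exe",
    r"EventID=13 Image=C:\Windows\System32\certutil.exe "
    r"TargetObject=HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\SystemCertificates\Root"
    r"\Certificates\0123456789ABCDEF0123456789ABCDEF01234567\Blob",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

# Machine store: HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\<thumbprint>\Blob
# User store:    HKU\<SID>\Software\Microsoft\SystemCertificates\Root\Certificates\<thumbprint>\Blob
# The Policies\ variant is the group-policy root store. The key name is the SHA-1 thumbprint.
ROOT_STORE_RE = re.compile(
    r"^(?P<hive>HKLM|HKU|HKCU)\\.*?\\(?:Policies\\)?Microsoft\\SystemCertificates\\Root"
    r"\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})\\Blob$"
)


def detect_root_cert_installs(events, allow_images=frozenset()) -> list:
    """Return one record per root-certificate install seen in the events.

    allow_images: lowercase executable names whose installs are expected (e.g. your
    own certificate-management tooling). Everything else is reported, including
    LOLBins such as certutil.exe, which malware can drive just as easily.
    """
    hits = []
    for line in events:
        fields = dict(KV_RE.findall(line))
        if fields.get("EventID") != "13":
            continue
        m = ROOT_STORE_RE.match(fields.get("TargetObject", ""))
        if not m:
            continue
        image = fields.get("Image", "?")
        if image.rsplit("\\", 1)[-1].lower() in allow_images:
            continue
        hits.append({
            "image": image,
            "thumbprint": m.group("thumb").upper(),
            "scope": "machine" if m.group("hive") == "HKLM" else "user",
        })
    return hits


if __name__ == "__main__":
    for hit in detect_root_cert_installs(SAMPLE_EVENTS):
        print(f"{hit['scope']:7} root cert {hit['thumbprint']} written by {hit['image']}")
```

A user-scope install (the HKU line) is the one to watch for in a sample running without elevation: it still lets the attacker's certificate pass validation for that user's browsers and TLS clients. Sysmon only logs these writes if a rule covers the SystemCertificates path, so check the Sysmon configuration before relying on the absence of hits.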
