Overview

overview

10

Static

static

10

d8a284e5c3...40.exe

windows7_x64

10

d8a284e5c3...40.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8a284e5c371dff9fc702a933d3b026793c78c0761409b1c6380c3d765223a40.exe

  • Size

    198KB

  • Sample

    210915-gr6s5sdabn

  • MD5

    94fab33d5f95c5a5566352a05acfe768

  • SHA1

    13a38ad719f44a3b46bc51ba2a4f920a214e9ddd

  • SHA256

    d8a284e5c371dff9fc702a933d3b026793c78c0761409b1c6380c3d765223a40

  • SHA512

    77e20ab780d59c2755adb374ffab17c094781aba9ace78747b872d5b84ea991c750aaab21367296e9b4d15997b9541e55e6734ed997db2efb00f6f69ebe179e3

Score
10/10
amadeysuricatatrojan

Malware Config

Extracted

Family

amadey

Version

2.42

C2

91.241.19.49/hBugs2D/index.php

Targets

    • Target

      d8a284e5c371dff9fc702a933d3b026793c78c0761409b1c6380c3d765223a40.exe

    • Size

      198KB

    • MD5

      94fab33d5f95c5a5566352a05acfe768

    • SHA1

      13a38ad719f44a3b46bc51ba2a4f920a214e9ddd

    • SHA256

      d8a284e5c371dff9fc702a933d3b026793c78c0761409b1c6380c3d765223a40

    • SHA512

      77e20ab780d59c2755adb374ffab17c094781aba9ace78747b872d5b84ea991c750aaab21367296e9b4d15997b9541e55e6734ed997db2efb00f6f69ebe179e3

    Score
    10/10
    amadeysuricatatrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • suricata: ET MALWARE Amadey CnC Check-In

      suricata: ET MALWARE Amadey CnC Check-In

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks