General

Target: a26595e04bbad90731a04c1195c34d92.exe
Size: 1MB
Sample: 210929-ac6q9sddaj
Score: 10/10
MD5: a26595e04bbad90731a04c1195c34d92
SHA1: 0b295fa12e6bd596ba0071a58370966c6a4551c3
SHA256: c5e41abe14036a3331b4bd9e3bb24be2424439a8030b8dfbe1a61a3da6482573
SHA512: ad8682d0772bc0668fde3d7818a180b64da892e9c687332a960efa8c7ed5bdb12b5a1286d833c145c667d25373a7001ae320d24034c1f1fd089a1e1a273ff934

Malware Config

Extracted
Family: amadey
Version: 2.61
C2: 185.215.113.33/hBF6ds2D/index.php
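The hashes and the extracted C2 are the actionable parts of this report. The following is an added example, not part of the sandbox report and not code from the Amadey sample: it recomputes the four digests the report lists for a file and compares them value by value, and it matches the extracted C2 host and path against proxy log lines, distinguishing a hit on the full check-in path from a hit on the C2 host alone. The log lines are constructed for the example; their `url=` field layout and the "c2-checkin" / "c2-host-only" labels are assumptions of the example, not something the report states.

```python
"""Added example (not from the sandbox report): turn the report's hashes
and extracted Amadey C2 into checks a responder can run offline.

Assumptions, labelled as such:
- REPORT_HASHES and REPORT_C2 are copied from the report above.
- LOG_LINES and the 'url=' log field format are constructed for this example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests from the report's General section.
REPORT_HASHES = {
    "md5": "a26595e04bbad90731a04c1195c34d92",
    "sha1": "0b295fa12e6bd596ba0071a58370966c6a4551c3",
    "sha256": "c5e41abe14036a3331b4bd9e3bb24be2424439a8030b8dfbe1a61a3da6482573",
    "sha512": "ad8682d0772bc0668fde3d7818a180b64da892e9c687332a960efa8c7ed5bdb1"
              "2b5a1286d833c145c667d25373a7001ae320d24034c1f1fd089a1e1a273ff934",
}

# C2 exactly as the sandbox extracted it: no scheme, host plus path.
REPORT_C2 = "185.215.113.33/hBF6ds2D/index.php"

# Constructed proxy log lines (not from the report). Field layout is assumed.
LOG_LINES = [
    "2021-09-29T10:01:02Z src=10.0.0.12 method=GET url=http://example.com/index.php status=200",
    "2021-09-29T10:01:05Z src=10.0.0.12 method=POST url=http://185.215.113.33/hBF6ds2D/index.php status=200",
    "2021-09-29T10:02:00Z src=10.0.0.12 method=GET url=http://185.215.113.33/other.php status=404",
    "2021-09-29T10:02:30Z src=10.0.0.12 dns=updates.example.org answer=93.184.216.34",
]

URL_FIELD = re.compile(r"\burl=(\S+)")


def hash_file(data: bytes) -> dict:
    """Compute the same four digests the report lists, from raw bytes."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare each digest separately so a partial match (e.g. only the MD5
    agreeing, which an MD5 collision could produce) is visible, not hidden."""
    got = hash_file(data)
    return {name: got[name] == digest for name, digest in expected.items()}


def parse_c2(c2: str) -> tuple:
    """Split the sandbox's scheme-less C2 string into (host, path).
    Prefixing '//' makes urlsplit treat the first component as a netloc."""
    parts = urlsplit("//" + c2)
    return parts.hostname, parts.path


def classify_line(line: str, c2: str = REPORT_C2):
    """Return 'c2-checkin' for a request to the exact C2 path, 'c2-host-only'
    for any other request to the C2 host, or None. The URL is parsed rather
    than substring-matched so '185.215.113.330' cannot match the host."""
    host, path = parse_c2(c2)
    m = URL_FIELD.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.hostname != host:
        return None
    return "c2-checkin" if url.path == path else "c2-host-only"


def find_c2_hits(log_lines, c2: str = REPORT_C2) -> list:
    """Return (kind, line) pairs for every log line touching the C2 host."""
    hits = []
    for line in log_lines:
        kind = classify_line(line, c2)
        if kind:
            hits.append((kind, line))
    return hits


if __name__ == "__main__":
    # The real sample is not embedded here; this shows a non-match clearly.
    print("hash match per digest:", matches_report(b"not the sample"))
    for kind, line in find_c2_hits(LOG_LINES):
        print(kind, "->", line)
```

The host-only bucket matters in practice: Amadey panels on a single IP often serve more than one path, and a host-only hit from the same source that also produced a full check-in is worth the same ticket, while a host-only hit with no check-in needs a look at what else lives on that address before it is called an infection.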

Targets

Target: a26595e04bbad90731a04c1195c34d92.exe
Signatures

  • Amadey

    Description

    Amadey is a simple trojan bot used primarily to collect reconnaissance information about the infected host and report it to its C2 (here, the panel extracted above); it also serves as a loader for further payloads.

  • suricata: ET MALWARE Amadey CnC Check-In

    Description

    Emerging Threats (ET) network rule that fired on the bot's HTTP check-in to the C2 during the sandbox run. It confirms the extracted config on the wire: the sample actually tried to reach 185.215.113.33 with an Amadey-shaped request.

  • Executes dropped EXE: the sample wrote a second executable to disk and ran it.

  • Loads dropped DLL: a DLL written during the run was loaded into a process.

  • Suspicious use of SetThreadContext: changing another thread's context from outside its process is the step that redirects execution in process hollowing and thread hijacking. On its own it is a heuristic, so corroborate it with the process tree (which process was created suspended, which image it ended up running) before treating it as injection.

Related Tasks: none listed

MITRE ATT&CK Matrix

Tactic columns present in the report: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No technique IDs are mapped in this extract.

Tasks

static1: N/A
behavioral1: 10/10
behavioral2: 10/10