General

  • Target

    a26595e04bbad90731a04c1195c34d92.exe

  • Size

    1.4MB

  • Sample

    210929-ac6q9sddaj

  • MD5

    a26595e04bbad90731a04c1195c34d92

  • SHA1

    0b295fa12e6bd596ba0071a58370966c6a4551c3

  • SHA256

    c5e41abe14036a3331b4bd9e3bb24be2424439a8030b8dfbe1a61a3da6482573

  • SHA512

    ad8682d0772bc0668fde3d7818a180b64da892e9c687332a960efa8c7ed5bdb12b5a1286d833c145c667d25373a7001ae320d24034c1f1fd089a1e1a273ff934

Score
10/10

Malware Config

Extracted

Family

amadey

Version

2.61

C2

185.215.113.33/hBF6ds2D/index.php

Targets

    • Target

      a26595e04bbad90731a04c1195c34d92.exe

    • Size

      1.4MB

    • MD5

      a26595e04bbad90731a04c1195c34d92

    • SHA1

      0b295fa12e6bd596ba0071a58370966c6a4551c3

    • SHA256

      c5e41abe14036a3331b4bd9e3bb24be2424439a8030b8dfbe1a61a3da6482573

    • SHA512

      ad8682d0772bc0668fde3d7818a180b64da892e9c687332a960efa8c7ed5bdb12b5a1286d833c145c667d25373a7001ae320d24034c1f1fd089a1e1a273ff934

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • suricata: ET MALWARE Amadey CnC Check-In

      suricata: ET MALWARE Amadey CnC Check-In

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

1
T1082

Tasks