Overview

overview

10

Static

static

10

ff96c05cc5...b2.exe

windows7_x64

10

ff96c05cc5...b2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2.exe

  • Size

    204KB

  • Sample

    211002-gre1esdhel

  • MD5

    d7a4223e43b194c93b0663e8e319fbaa

  • SHA1

    d6cbe3198b1875a485773496b0e9c2b944b23133

  • SHA256

    ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2

  • SHA512

    e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c

Score
10/10
amadeysuricatatrojan

Malware Config

Extracted

Family

amadey

Version

2.70

C2

185.215.113.45/g4MbvE/index.php

Targets

    • Target

      ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2.exe

    • Size

      204KB

    • MD5

      d7a4223e43b194c93b0663e8e319fbaa

    • SHA1

      d6cbe3198b1875a485773496b0e9c2b944b23133

    • SHA256

      ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2

    • SHA512

      e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c

    Score
    10/10
    amadeysuricatatrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • suricata: ET MALWARE Amadey CnC Check-In

      suricata: ET MALWARE Amadey CnC Check-In

      suricata

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks