ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2.exe

General
Target ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2.exe
Size 204KB
Sample 211002-gre1esdhel
Score 10/10
MD5 d7a4223e43b194c93b0663e8e319fbaa
SHA1 d6cbe3198b1875a485773496b0e9c2b944b23133
SHA256 ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2
SHA512 e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c

Malware Config

Extracted

Family amadey
Version 2.70
C2 185.215.113.45/g4MbvE/index.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

  • suricata: ET MALWARE Amadey CnC Check-In

  • Executes dropped EXE

  • Loads dropped DLL

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1 10/10
behavioral1 10/10
behavioral2 10/10