General

  • Target

    ac696ff26dae3d008a7f1a8a33a6c067.exe

  • Size

    633KB

  • Sample

    211225-j1593sgbck

  • MD5

    ac696ff26dae3d008a7f1a8a33a6c067

  • SHA1

    0e450582db291be053ac6a4ccf722dc4441b1f2e

  • SHA256

    44e08debeddf1bf932fd76e0fd0088eb196c036c92d662601ac8b55fe10528b9

  • SHA512

    1e049cc4cdd0e6dc4f38771f271a8021ad5c771024ed9cc3aea787d184a976f84778fc127ff2ab67cb79e0621ddc60b4b872393f4fabb0dfceb977409f66c0c6

Malware Config

Extracted

Family

amadey

Version

2.86

C2

2.56.56.210/notAnoob/index.php

Targets

    • Target

      ac696ff26dae3d008a7f1a8a33a6c067.exe

    • Size

      633KB

    • MD5

      ac696ff26dae3d008a7f1a8a33a6c067

    • SHA1

      0e450582db291be053ac6a4ccf722dc4441b1f2e

    • SHA256

      44e08debeddf1bf932fd76e0fd0088eb196c036c92d662601ac8b55fe10528b9

    • SHA512

      1e049cc4cdd0e6dc4f38771f271a8021ad5c771024ed9cc3aea787d184a976f84778fc127ff2ab67cb79e0621ddc60b4b872393f4fabb0dfceb977409f66c0c6

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detect Neshta Payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Privilege Escalation