Resubmissions

  • 19-01-2022 16:33  220119-t2pzlabeh4  10
  • 25-11-2021 12:39  211125-pvmtfaaee9  10

General

  • Target: 1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
  • Size: 6MB
  • Sample: 220119-t2pzlabeh4
  • MD5: eaf0414732a32787b8c26e69af59bfa0
  • SHA1: e313935ac46f141a3940236026cfe0eb0f4a1dcc
  • SHA256: 1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
  • SHA512: cc9dda5d5072e3ef01ee3e61fe23d0e753ca5957ff9f15e49377bd84a0be5b1f3606aaca9e6cbc7ff6fb67cf130da2d2174c32c5a2e5911706acf6b085706ab1

Score: 10/10

Malware Config

Extracted

  • Family: amadey
  • Version: 2.70
  • C2: 185.215.113.45/g4MbvE/index.php

Targets

  • Amadey
    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  • Blocklisted process makes network request
  • Executes dropped EXE
  • Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  • Loads dropped DLL
  • Enumerates connected drives
    Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
