General
Target: cdeeb0f1b8c30d1e55998094064f46c523d637776a16fea2ef92aeefd79f7073
Size: 2.5MB
Sample: 220215-gqz9zabef8
MD5: 3d01438bfca0d5786c9e473f087c4c56
SHA1: ec905150408d52283b26c1b283fbf537d9423114
SHA256: cdeeb0f1b8c30d1e55998094064f46c523d637776a16fea2ef92aeefd79f7073
SHA512: ea236c2b5308345dbe49eab90615a0c9a7d53f6781b427d899de45e3a54236036d352079b7896101c8eea3ff6f1300e758857d8e86d2054a72219c2030c499a6
Static task: static1
Behavioral task: behavioral1
Sample: cdeeb0f1b8c30d1e55998094064f46c523d637776a16fea2ef92aeefd79f7073.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: amadey
Version: 2.50
C2: depressionk1d.ug/k8FppT/index.php
Targets
Target: cdeeb0f1b8c30d1e55998094064f46c523d637776a16fea2ef92aeefd79f7073
Size: 2.5MB
MD5: 3d01438bfca0d5786c9e473f087c4c56
SHA1: ec905150408d52283b26c1b283fbf537d9423114
SHA256: cdeeb0f1b8c30d1e55998094064f46c523d637776a16fea2ef92aeefd79f7073
SHA512: ea236c2b5308345dbe49eab90615a0c9a7d53f6781b427d899de45e3a54236036d352079b7896101c8eea3ff6f1300e758857d8e86d2054a72219c2030c499a6
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
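The signatures above are behavioural rules fired on registry, file and API events recorded during the behavioral1 run. The following is an added example, not the sandbox's own signature code and not code from the sample, that re-implements the six listed signatures as a small matcher over a constructed event log. The event lines, the `<pid> <op> <target>` format and the dropped-file paths are assumptions made for illustration; the registry paths are the standard locations that VirtualBox ACPI tables (`HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__`), BIOS strings (`HKLM\HARDWARE\DESCRIPTION\System\BIOS`) and the configured country (`HKCU\Control Panel\International\Geo\Nation`) live at, and `ThreadHideFromDebugger` is the `NtSetInformationThread` information class (0x11) that detaches a thread from the debugger.

```python
"""Toy re-implementation of the behavioural signatures listed in this report.

Added example: this is not the sandbox's signature engine and not code from the
sample. Event lines are constructed to resemble what a sandbox records, in the
assumed format "<pid> <op> <target>" (the event format is an assumption).
"""
import re
from collections import OrderedDict

# Constructed sample event log (assumed paths; not taken from the report).
SAMPLE_EVENTS = r"""
1234 RegOpenKey HKLM\HARDWARE\ACPI\DSDT\VBOX__
1234 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
1234 RegQueryValue HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
1234 RegQueryValue HKCU\Control Panel\International\Geo\Nation
1234 WriteFile C:\Users\Admin\AppData\Local\Temp\dropped.exe
1234 WriteFile C:\Users\Admin\AppData\Local\Temp\payload.dll
1234 CreateProcess C:\Windows\System32\cmd.exe
1234 CreateProcess C:\Users\Admin\AppData\Local\Temp\dropped.exe
1240 LoadLibrary C:\Users\Admin\AppData\Local\Temp\payload.dll
1240 NtSetInformationThread ThreadHideFromDebugger
"""

# Registry-read signatures: name -> pattern over the key/value path.
REGISTRY_RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     re.compile(r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I)),
    ("Checks computer location settings",
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
]


def parse_event(line):
    """Split '<pid> <op> <target>'; the target may itself contain spaces."""
    pid, op, target = line.split(" ", 2)
    return int(pid), op, target


def match_signatures(log_text):
    """Return an ordered mapping: signature name -> list of event lines that fired it.

    'Dropped' is stateful: a file counts as dropped only if an earlier event in
    the same run wrote it, regardless of which process in the tree wrote it.
    """
    hits = OrderedDict()
    written = set()  # lower-cased paths written during the run
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        _pid, op, target = parse_event(raw)
        if op in ("RegOpenKey", "RegQueryValue"):
            for name, pattern in REGISTRY_RULES:
                if pattern.search(target):
                    hits.setdefault(name, []).append(raw)
        elif op == "WriteFile":
            written.add(target.lower())
        elif op == "CreateProcess" and target.lower() in written:
            hits.setdefault("Executes dropped EXE", []).append(raw)
        elif op == "LoadLibrary" and target.lower() in written:
            hits.setdefault("Loads dropped DLL", []).append(raw)
        elif op == "NtSetInformationThread" and target == "ThreadHideFromDebugger":
            # Information class 0x11: the thread stops delivering debug events.
            hits.setdefault("Suspicious use of NtSetInformationThreadHideFromDebugger",
                            []).append(raw)
    return hits


def anti_analysis_count(hits):
    """Number of fired signatures that are evasion checks rather than payload staging."""
    evasion = {
        "Identifies VirtualBox via ACPI registry values (likely anti-VM)",
        "Checks BIOS information in registry",
        "Checks computer location settings",
        "Suspicious use of NtSetInformationThreadHideFromDebugger",
    }
    return sum(1 for name in hits if name in evasion)


if __name__ == "__main__":
    fired = match_signatures(SAMPLE_EVENTS)
    for name, events in fired.items():
        print(name)
        for ev in events:
            print("    " + ev)
    print("evasion signatures fired:", anti_analysis_count(fired))
```

Note what the stateful rules buy you: `cmd.exe` is started in the constructed log but is not flagged, because nothing in the run wrote it, while `dropped.exe` and `payload.dll` are flagged only because a `WriteFile` preceded them. The `Geo\Nation` read is the one to watch when re-detonating a sample like this: if the check is a geofence, a sandbox whose configured country falls inside the excluded set will see the sample exit before any of the later behaviour appears.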