General

  • Target: s.exe
  • Size: 273KB
  • Sample: 220404-d9xreaacg9
  • MD5: d9a7e822d38ef4624cb6c6d6c058bc30
  • SHA1: 3f48b9031f653d55eb5c53a8c99346b0d4f1bd52
  • SHA256: adb4b3905162013e327b67bbeea18e1473aafb6b00a403634bd10cf8b1770929
  • SHA512: 3084f7c27a5b453b8def1c7e8fd0f68ddcc408e57207635192451b92d0885e9ef3fafbb6c20491359a4da8cb06b35b446c11d70fa1fe0185d92d963eed5e9c5f

Score: 10/10

Malware Config

Extracted
  • Family: systembc
  • C2: 31.44.185.6:4001
  • C2: 31.44.185.11:4001

Extracted
  • Family: amadey
  • Version: 3.08
  • C2: 179.43.154.147/d2VxjasuwS/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks