General

  • Target

    90cc787870f37ff7bd617976d253b613eab4fcbe65fb31cf3890efeb6636d9d3.exe

  • Size

    302KB

  • Sample

    220517-jra3ksbfdk

  • MD5

    a359f00c1f48a7d4bb1eb05ad9a2fe3f

  • SHA1

    053733b31efcab28d6548a9edbf03e963b43b18c

  • SHA256

    90cc787870f37ff7bd617976d253b613eab4fcbe65fb31cf3890efeb6636d9d3

  • SHA512

    a2e3731c3e80e890e768a18fc8ca4a9c40b1486b4f1729b32d36df7870885c5da36942f1c0a0c3c0187b8404d1c3fcab8a61e620bf3717e7fe9f7bcc343c6542

Score
10/10

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.05

  • C2

    wecrack.su/fkwdoXScn2/index.php

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tactic                 Technique                      Count  ID

Execution              Scheduled Task                 1      T1053
Persistence            Scheduled Task                 1      T1053
Privilege Escalation   Scheduled Task                 1      T1053
Discovery              Query Registry                 1      T1012
Discovery              System Information Discovery   2      T1082

Tasks