General

  • Target

    28194aab838d42d44d039b2532c6af754db65d25453d583d491d785245589259

  • Size

    208KB

  • Sample

    221122-ty5kwaaa83

  • MD5

    86b4ebe06bf9ba8ce845d6f3d7f72b41

  • SHA1

    ed0d1530e3b04f6ba78804544e74ea04cdb8e00e

  • SHA256

    cd335790f30143934e6aa17aab384be80238d47e5a08b86a2482fc0121b18041

  • SHA512

    e8a152cb496843652cd83dc94b81b540e95e2d6dbbe5a82602d2de5b2096f700dd8e66ea5b7efa58a27dd6a55ea345e88d4a8ebed7078629356661adc97ee3d5

  • SSDEEP

    3072:Pl5Sw6Hk0muo7L3LP60VGhm84kM5949h6+x+PmChKiGE2mTgEP1gO+aAQ:Prr6Hk0m7L3bw0f9ux+Ph3GE6s1gJav

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.174/g84kvj4jck/index.php

Targets

    • Target

      28194aab838d42d44d039b2532c6af754db65d25453d583d491d785245589259

    • Size

      303KB

    • MD5

      fd5756155b06ca69cc499ec9d6e695b1

    • SHA1

      bb072ae8b2acc490e4edaf1ddf9c517b9ad868d5

    • SHA256

      28194aab838d42d44d039b2532c6af754db65d25453d583d491d785245589259

    • SHA512

      4c8f54f1f2624323968a793c3861e6f4f1ee96bee4f695a2f3c4191ecc30e2b8494ef4d7d81eed08f89d7b59dea8b514ab32475cfea56ee1441545c522a78021

    • SSDEEP

      6144:JFV2Vqke3XQE9ux+LWFvviu22tThsIeGjY6:gk70+k3l22ZVE

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks