General

  • Target

    348bc08d7eb2bca259faed36e2c9560c.exe

  • Size

    718KB

  • Sample

    221125-nmp36agh4z

  • MD5

    348bc08d7eb2bca259faed36e2c9560c

  • SHA1

    21b7bf4d2b8a186c74939001268c2d247849fb35

  • SHA256

    613a96ed73db7b6af758c87d4d20e6de169cabffe6bafaeba2281856ff281f43

  • SHA512

    edfad960a4c02b87cee7c3c24a1d0d8d33af8c08d5a9214a9181d54a375eb81030f88878e185f222e76f784a0434e637a45e22660e94c267b7a4d19b0dc71b43

  • SSDEEP

    12288:yNinsu9YtMvlMOhB+m/bGTJSZ1H7XbSR6CJIspaPMjl4tC5:iesueMvlhSAzfmTcPA4tA

Malware Config

Extracted

Family

amadey

Version

3.50

C2

update.nodfirewalld.org/MvwWdj2/index.php

download.gitextension.com/MvwWdj2/index.php

Targets

    • Target

      348bc08d7eb2bca259faed36e2c9560c.exe


    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information from the infected host; the signatures below show this sample also downloading and running additional payloads.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the bot proceeds.

    • Loads dropped DLL

    • Adds Run key to start application
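The extracted config and the behaviour signatures above are the indicators a responder would actually hunt for. The following is an added example, not part of the sandbox report and not Amadey's own code: a small triage pass that scores host and network telemetry against those indicators (the two C2 URLs, the Run-key write, the registry country-code lookup, and the download and execution of dropped PE files), and correlates file writes with later process creations and image loads so "dropped" is decided from the event stream rather than guessed. The event schema, the field names, the registry locations assumed for the locale lookup, and every sample event are constructed here; only the C2 URLs and signature names come from the report.

```python
"""
Added example, not part of the sandbox report or of Amadey itself: a small
triage pass that scores constructed host and network telemetry against the
indicators this report lists for the sample (the two extracted C2 URLs, the
Run-key persistence, the registry country-code lookup, and the download and
execution of dropped PE files). The event schema, field names, registry paths
for the locale lookup and every sample event below are constructed
assumptions, not the sandbox's own output.
"""

# Indicators copied from the report's extracted Amadey 3.50 config.
C2_URLS = (
    "update.nodfirewalld.org/MvwWdj2/index.php",
    "download.gitextension.com/MvwWdj2/index.php",
)
C2_HOSTS = {u.split("/", 1)[0].lower() for u in C2_URLS}
C2_PATHS = {"/" + u.split("/", 1)[1] for u in C2_URLS}   # {"/MvwWdj2/index.php"}

# Assumed registry locations: the report only says the sample reads the
# configured country code from the registry, not which value it reads.
LOCALE_KEY_MARKERS = (r"\control panel\international", r"\nls\locale")
RUN_KEY_MARKER = r"\microsoft\windows\currentversion\run"
MZ_MAGIC = b"MZ"


def classify(event, dropped):
    """Return the report signatures one event matches.

    `dropped` is the set of lower-cased paths the sample has written so far;
    file-write events add to it, so process-create and image-load events can
    be tied back to files the sample itself dropped.
    """
    hits = []
    kind = event.get("type")

    if kind == "http":
        host = event.get("host", "").lower()
        path = event.get("path", "")
        # The bot talks to <host>/<dir>/index.php; match either the extracted
        # hosts or the shared beacon path.
        if host in C2_HOSTS or path in C2_PATHS:
            hits.append("C2 contact")
        if event.get("response_body", b"").startswith(MZ_MAGIC):
            hits.append("Downloads MZ/PE file")

    elif kind == "registry":
        key = event.get("key", "").lower()
        op = event.get("op")
        if op == "set" and RUN_KEY_MARKER in key:
            hits.append("Adds Run key to start application")
        if op == "query" and any(m in key for m in LOCALE_KEY_MARKERS):
            hits.append("Checks computer location settings")

    elif kind == "file" and event.get("op") == "write":
        dropped.add(event.get("path", "").lower())

    elif kind == "process" and event.get("op") == "create":
        if event.get("image", "").lower() in dropped:
            hits.append("Executes dropped EXE")

    elif kind == "imageload":
        if event.get("image", "").lower() in dropped:
            hits.append("Loads dropped DLL")

    return hits


def triage(events):
    """Map each report signature to the indices of the events that fire it."""
    dropped = set()
    hits = {}
    for i, ev in enumerate(events):
        for sig in classify(ev, dropped):
            hits.setdefault(sig, []).append(i)
    return hits


# Constructed telemetry, in the order a run of this sample might produce it.
TEMP = r"C:\Users\user\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"type": "registry", "op": "query",
     "key": r"HKCU\Control Panel\International\sCountry"},
    {"type": "http", "method": "POST", "host": "update.nodfirewalld.org",
     "path": "/MvwWdj2/index.php", "response_body": b"ok"},
    {"type": "http", "method": "GET", "host": "download.gitextension.com",
     "path": "/MvwWdj2/drop.exe", "response_body": b"MZ\x90\x00"},  # constructed path
    {"type": "file", "op": "write", "path": TEMP + r"\drop.exe"},
    {"type": "process", "op": "create", "image": TEMP + r"\drop.exe"},
    {"type": "file", "op": "write", "path": TEMP + r"\helper.dll"},
    {"type": "imageload", "image": TEMP + r"\helper.dll"},
    {"type": "registry", "op": "set", "value": "drop",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "http", "method": "GET", "host": "www.example.com",
     "path": "/", "response_body": b"<html>"},  # benign, must not fire
]

if __name__ == "__main__":
    for sig, idx in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{sig:40} events {idx}")
```

Matching on the shared `/MvwWdj2/index.php` path as well as the two hostnames is deliberate: the C2 hosts rotate, but the path component is part of the extracted config and survives a domain change. The file-write correlation is the piece worth copying into a real pipeline; without it "Executes dropped EXE" degrades to "any process started from a temp directory".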

MITRE ATT&CK Enterprise v6

Tasks