Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    350s
  • max time network
    380s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 17:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    207KB

  • MD5

    b8163409efad572bc7627feafd46452d

  • SHA1

    882f5b58827cc7cb4faef3eb590728cd9764829d

  • SHA256

    cb8ccdb72d2ccc8aa9e1d5ef9eaf0365cada4573d1de36e6505c176fb4b27366

  • SHA512

    774c0797a5f5e0c18cb38ecf8a26ba17c2a0ee0a93de7f56a4ea37f65a31cb09a999e5138dcebaaca74e029df848feefeff8b7f12d863cb2245c858ce299ed93

  • SSDEEP

    3072:l5r5+ytc5m5Xqu8oSvXXomdtT7Voia060vQhS+ac1oivqxtExB:b57cOovXXoUtSi9ES+aceiyxG

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
      PID:1804

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1804-132-0x0000000000C19000-0x0000000000C38000-memory.dmp
      Filesize

      124KB

      Download
    • memory/1804-133-0x00000000026E0000-0x000000000271E000-memory.dmp
      Filesize

      248KB

      Download
    • memory/1804-134-0x0000000000C19000-0x0000000000C38000-memory.dmp
      Filesize

      124KB

      Download
    • memory/1804-135-0x0000000000400000-0x0000000000AE6000-memory.dmp
      Filesize

      6.9MB

      Download