Overview

overview

10

Static

static

10

56de980060...90.zip

windows10-2004-x64

1

56de980060...90.exe

windows10-2004-x64

10

Resubmissions

09-06-2023 07:09

230609-hytmtsca9y 10

09-06-2023 07:05

230609-hwwpeaca8s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56de980060e4a4e6619fcda6b716b08278487459a301a1938838b90467531490.zip

  • Size

    89KB

  • Sample

    230609-hytmtsca9y

  • MD5

    f3378f9e5ea66b8cec52af2a421698ba

  • SHA1

    7c6756f18b6acfccc8c6aef6187f0d864832ca66

  • SHA256

    517ca732b8978bcb812762a16130fa3929d1ecbe2a368b42efc8285a8c880e58

  • SHA512

    8430d6c430054205452c88381c3f36b99c60746883d0b90b58d32874b9f62653ed09165d01fd7e069ef6f129dfb930d1de31cab54605f57185c347436bcc8fac

  • SSDEEP

    1536:tSfsi05AqqcFdrqGcVnIxpykZj7iFdDI6/LF8wnKvW+Gukuj492Kl8w6whbIrnGr:of2AqjFhqHpI/ykVi+66wn1JO49ZGrnC

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.62/wings/game/index.php

Targets

    • Target

      56de980060e4a4e6619fcda6b716b08278487459a301a1938838b90467531490.zip

    • Size

      89KB

    • MD5

      f3378f9e5ea66b8cec52af2a421698ba

    • SHA1

      7c6756f18b6acfccc8c6aef6187f0d864832ca66

    • SHA256

      517ca732b8978bcb812762a16130fa3929d1ecbe2a368b42efc8285a8c880e58

    • SHA512

      8430d6c430054205452c88381c3f36b99c60746883d0b90b58d32874b9f62653ed09165d01fd7e069ef6f129dfb930d1de31cab54605f57185c347436bcc8fac

    • SSDEEP

      1536:tSfsi05AqqcFdrqGcVnIxpykZj7iFdDI6/LF8wnKvW+Gukuj492Kl8w6whbIrnGr:of2AqjFhqHpI/ykVi+66wn1JO49ZGrnC

    Score
    1/10
    behavioral1

    • Target

      56de980060e4a4e6619fcda6b716b08278487459a301a1938838b90467531490

    • Size

      218KB

    • MD5

      3367e30e4f2e023419d7b3c4251f854f

    • SHA1

      f364b4426d5ec06f152b0dde69306313f1de34ee

    • SHA256

      56de980060e4a4e6619fcda6b716b08278487459a301a1938838b90467531490

    • SHA512

      6ea512daf807b64acedb2b8e61b1b818ce181f9a56069688b49b1067493613362cd00d14a6e5e849caa2582e85ec46ffa59e15944fdeead54da98a552e76c85b

    • SSDEEP

      3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks