General

  • Target

    0x00070000000132ee-92.dat

  • Size

    205KB

  • Sample

    230615-ggte3aeg71

  • MD5

    81e8ccb695302c1b6789bd993db4f059

  • SHA1

    887eea9afc86b612bcc3d64114da3884cbf4baee

  • SHA256

    0c3974145ec2fb265b6046176308a2273428a268550cdc4492c71d5e76781bfb

  • SHA512

    b84c4693500a755bb4ae075dbab4da19166117e853387ae568c6bc752cae36fef150134e637b88a1bbe1975ec5a8234fc26b8071be91b984076eb561bd7b9958

  • SSDEEP

    3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

    • Target

      0x00070000000132ee-92.dat

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
