General

  • Target

    0x0005000000018fd8-86.dat

  • Size

    227KB

  • Sample

    230720-ky52zafb4t

  • MD5

    abd8f8d207c829721ce5a4bfe0f84750

  • SHA1

    55ecd2353e098e1b2856320bef2b1502c7db4669

  • SHA256

    bf7c1d8f8bb76eeba3a63a7067a70b4aecaaff66d9fe4edd0d52e7846030b0fe

  • SHA512

    e3a4315864a815c33c8035e66e409f315ea871f2f61b5ea83eab0b1f30de07fde0dfe511a81a21945bcd693912fffc48e159bdfea416511982a9c8876553e27d

  • SSDEEP

    3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Targets

    • Target

      0x0005000000018fd8-86.dat

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
