Overview

overview

10

Static

static

10

soso.exe

windows10-2004-x64

10

Resubmissions

03-09-2023 16:21

230903-ttw3yaah91 10

03-09-2023 16:18

230903-tr9w1sah9x 10

03-09-2023 16:14

230903-tpye7sbd64 10

03-09-2023 15:51

230903-tazdysbd34 10

03-09-2023 15:43

230903-s6daxsbc96 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    soso.exe

  • Size

    307KB

  • Sample

    230903-tazdysbd34

  • MD5

    55f845c433e637594aaf872e41fda207

  • SHA1

    1188348ca7e52f075e7d1d0031918c2cea93362e

  • SHA256

    f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39

  • SHA512

    5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

  • SSDEEP

    6144:GUG2bcUH6Z0+ReEjhVsJgAmkMAIeuudb8MT8AOacOZS:GU9bIeEdVsJqeuudbFT8SZS

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

79.137.192.18/9bDc8sQ/index.php

Attributes
  • install_dir

    577f58beff

  • install_file

    yiueea.exe

  • strings_key

    a5085075a537f09dec81cc154ec0af4d

rc4.plain

Targets

    • Target

      soso.exe

    • Size

      307KB

    • MD5

      55f845c433e637594aaf872e41fda207

    • SHA1

      1188348ca7e52f075e7d1d0031918c2cea93362e

    • SHA256

      f9f9b154f928549c7a4b484909f41352048ce8148c678f4ec32c807c1d173a39

    • SHA512

      5a9b5e83b41041259060e3a29163cdd5ed271c5d476fa455b40ec9bc32bf4bcddaf3aa1ba23faacc2669be420acb905677ec4fcfb3d69e7b9f7908ae5cbd18a4

    • SSDEEP

      6144:GUG2bcUH6Z0+ReEjhVsJgAmkMAIeuudb8MT8AOacOZS:GU9bIeEdVsJqeuudbFT8SZS

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Command and Scripting Interpreter

1
T1059

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks