General

  • Target

    79e2d3f5ddf61b7dd8143fa0a36c54306bcbcdc19ead2c51fb424bc517a9c24c

  • Size

    103KB

  • Sample

    230925-hhe5hacg8s

  • MD5

    8b2eda50e8a9cf865f4d24b45035614f

  • SHA1

    9003f219752b684248aa77c5e48a360408c66f55

  • SHA256

    abc3fb43b3e93d75166249c16165afea9cc1a2c3b39d79f4f2bac18e0150e874

  • SHA512

    13adf9814a564939850f632eed95244244bbcadeaede5336ffe8563945189e2385e07d8fffe9b0eab48a227a2903a0d31a1ba5dac571a5e88c470224a413fedc

  • SSDEEP

    3072:xLTzrHEDjomznpCacXyS+ZLRyy4u1m6JN:xLXmD8hX8ZNyYm6f

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes

  • install_dir

    fefffe8cea

  • install_file

    explonde.exe

  • strings_key

    916aae73606d7a9e02a1d3b47c199688

rc4.plain

Targets

    • Target

      79e2d3f5ddf61b7dd8143fa0a36c54306bcbcdc19ead2c51fb424bc517a9c24c

    • Size

      238KB

    • MD5

      a028ce0018beb30a2a9df163f3eb6e44

    • SHA1

      f475bf4b2a92729daa16f4a59de1edd701410782

    • SHA256

      79e2d3f5ddf61b7dd8143fa0a36c54306bcbcdc19ead2c51fb424bc517a9c24c

    • SHA512

      bfa09509ad6bcfe301a8e60555bcf7a094ac58edf4b6e929876f5f5f6e1f12a42524a321612a6ff5bf56e1d891350e4e0c92d83be5cbead36cb97d3d482a2bc6

    • SSDEEP

      6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detected Google phishing page

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL
