General

  • Target

    ccbe15242f9d376e8ea79b38af44494ad010385b2f9b39bbdef7fbd217356cbe

  • Size

    103KB

  • Sample

    230925-hj3l7aec75

  • MD5

    836ab53c74b656b97c229c296732d5e9

  • SHA1

    da6f2a2db41306ea7fb0a3545c6ee61b1d1841dd

  • SHA256

    527c5336ae0cd49b230419e8bf81fbe2dcab6b3811657979c1c0773748707b13

  • SHA512

    1042d397eb5351262f61476f5fa0ce50d6f16a64e67a8db983ce587594812d39e5c3d1daa205b3d110e75c8293449bfeeb1785b2bf894021f9a1ced75d5122db

  • SSDEEP

    3072:qLTzrHEDjomznpCacXyS+ZLRyy401G6JP2:qLXmD8hX8ZNyqG6B2

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes
  • install_dir

    fefffe8cea

  • install_file

    explonde.exe

  • strings_key

    916aae73606d7a9e02a1d3b47c199688

rc4.plain

Targets

    • Target

      ccbe15242f9d376e8ea79b38af44494ad010385b2f9b39bbdef7fbd217356cbe

    • Size

      238KB

    • MD5

      20e1625d6dbfd8b63236fed8b62ca387

    • SHA1

      ce31e897a6a5d553252ab8ba5d8b20cf8583e970

    • SHA256

      ccbe15242f9d376e8ea79b38af44494ad010385b2f9b39bbdef7fbd217356cbe

    • SHA512

      a3f4722bdf48cdb539dafd8b11063c9a1005f250a7f7eecea69d04cb9880c70e12f9f62a091514936ba4d2909b759c2d71c2f31c595458c548ee76eca4b13871

    • SSDEEP

      6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2

    • Amadey

      Amadey is a simple bot/loader: it collects basic host reconnaissance, reports it to its C2 and can fetch and run additional payloads.

    • Detected google phishing page

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the bot proceeds.

    • Executes dropped EXE

    • Loads dropped DLL
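
The following is an added example, not part of the sandbox report and not Amadey's own code. It turns the extracted configuration above (strings_key, install_dir, install_file, C2 URL) into a small triage helper: an RC4 routine for decoding Amadey-style obfuscated strings, the expected drop path, C2 indicators, and a hunt over log lines. It assumes, as is commonly reported for Amadey 3.x, that strings_key is used as the ASCII RC4 key and that obfuscated strings are stored hex-encoded; the %TEMP% base of the install path, the registry key used for the country lookup (the standard Geo\Nation value, since the report does not name the key Amadey reads) and the telemetry lines are constructed for illustration.

```python
"""Amadey 3.x config triage helper (added example; values come from the report above)."""
from urllib.parse import urlparse

# Values extracted by the sandbox and shown in the Malware Config section.
STRINGS_KEY = "916aae73606d7a9e02a1d3b47c199688"
INSTALL_DIR = "fefffe8cea"
INSTALL_FILE = "explonde.exe"
C2_URL = "http://77.91.68.52/mac/index.php"

# Assumption (not stated in the report): the configured country code lives in
# the standard Windows location HKCU\Control Panel\International\Geo\Nation.
GEO_KEY_FRAGMENT = "international\\geo\\nation"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric, so the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_string(hex_blob: str, key: str = STRINGS_KEY) -> str:
    """Decode a hex-encoded RC4 string using strings_key as the ASCII key (assumed scheme)."""
    return rc4(key.encode(), bytes.fromhex(hex_blob)).decode("latin-1")


def encrypt_string(plain: str, key: str = STRINGS_KEY) -> str:
    """Inverse of decrypt_string; used only to build constructed blobs for testing."""
    return rc4(key.encode(), plain.encode("latin-1")).hex()


def expected_install_path(temp_dir: str = r"C:\Users\user\AppData\Local\Temp") -> str:
    """Drop location %TEMP%\\<install_dir>\\<install_file>; temp_dir is an assumed example."""
    return f"{temp_dir}\\{INSTALL_DIR}\\{INSTALL_FILE}"


def c2_iocs(url: str = C2_URL) -> dict:
    """Split the C2 URL into the pieces a network hunt actually keys on."""
    u = urlparse(url)
    return {"host": u.hostname, "port": u.port or 80, "path": u.path}


def hunt(lines):
    """Return (line_no, reason) for each line matching a config-derived indicator."""
    ioc = c2_iocs()
    drop_fragment = f"{INSTALL_DIR}\\{INSTALL_FILE}".lower()
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        if drop_fragment in low:
            hits.append((n, "install path"))
        elif ioc["host"] in low and ioc["path"] in low:
            hits.append((n, "c2 url"))
        elif GEO_KEY_FRAGMENT in low:
            hits.append((n, "country lookup"))
    return hits


# Constructed telemetry lines (not taken from the report) to exercise hunt().
SAMPLE_LOG = [
    "2023-09-25 10:01:02 process_create image=C:\\Users\\user\\AppData\\Local\\Temp\\fefffe8cea\\explonde.exe",
    "2023-09-25 10:01:05 http POST http://77.91.68.52/mac/index.php ua=Mozilla/4.0",
    "2023-09-25 10:01:06 reg_query key=HKCU\\Control Panel\\International\\Geo\\Nation",
    "2023-09-25 10:01:07 process_create image=C:\\Windows\\System32\\svchost.exe",
]

if __name__ == "__main__":
    blob = encrypt_string(C2_URL)  # constructed: what a hex-encoded string would look like
    print("decrypted:", decrypt_string(blob))
    print("install path:", expected_install_path())
    print("c2:", c2_iocs())
    for line_no, reason in hunt(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```

If a real Amadey binary's strings do not decode with this routine, the key handling is the first thing to revisit: the report gives strings_key and a separate rc4.plain entry, and the two need not be the same value.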

MITRE ATT&CK Enterprise v15