General

  • Target

    212e8cbc9a69df7ca07dd579238f1d061b4066365274c7491fa14e6b64bc903b

  • Size

    103KB

  • Sample

    230925-hknjnaec79

  • MD5

    29ac5c037ef6004b85e437c484d7f6f8

  • SHA1

    f767dc0fe0be82549dba5e2bf13d3630d2e9ab58

  • SHA256

    74ed9e47551c98c130edc9f2baa4b3dbb4718218f615d8534ca1104de1bf68aa

  • SHA512

    92a1b1f3faf1438779a8976065b6795a411e019455fe551a855c191428da2680c8f20a135407361b280524cfc7d9350135c84bff6332c4171e6d7c2c432a6644

  • SSDEEP

    3072:nLTzrHEDjomznpCacXyS+ZLRyy401G6JPy:nLXmD8hX8ZNyqG6By

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.89

  • C2

    http://77.91.68.52/mac/index.php

Attributes

  • install_dir

    fefffe8cea

  • install_file

    explonde.exe

  • strings_key

    916aae73606d7a9e02a1d3b47c199688

  • rc4.plain

Targets

    • Target

      212e8cbc9a69df7ca07dd579238f1d061b4066365274c7491fa14e6b64bc903b

    • Size

      238KB

    • MD5

      019f3278e6234effcaee7715b3db4c25

    • SHA1

      f607ab4b187cdd54c9def836e2a10452f03d7098

    • SHA256

      212e8cbc9a69df7ca07dd579238f1d061b4066365274c7491fa14e6b64bc903b

    • SHA512

      9b97087662941057dcf8aa3359c7bf49cef4008a69170a23332211e7073b74b00aa4dd4e77ecc7f092ac1bc1e8d00450018591dacc81261972649a74d25b2b82

    • SSDEEP

      6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detected google phishing page

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks