General

  • Target

    869b808c2e811fae15bf4e8dc5c4c06eca2257959ea603ae420825b6417afa6c

  • Size

    109KB

  • Sample

    231004-k5ztjacc82

  • MD5

    818c4df643d4a90e33c78c58c53a362f

  • SHA1

    e1f72105d0d7cc200ea19bd3ddeb4a4027f3afcd

  • SHA256

    47baacf9a3d6a3271e19b766cdde56690637b385e701e2b71c2a3c10a8e59f0d

  • SHA512

    a22b92300955abaa4097caa2b6870997295bc501c60437ad566685209c73e2155ea948c3d42cb95ab037373bff8206d4e0ba45bda50caffc7241e046ecb461fa

  • SSDEEP

    1536:DRd9SG/D2iOVA8jnMfRLVNr/PJTmiq5/fO8Y0gfRS45LpzfphyPyYWL9fJnQwnk:dd9E3VA8jatPJDKe8Hy51jD6yhJnY

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes
  • install_dir

    fefffe8cea

  • install_file

    explothe.exe

  • strings_key

    36a96139c1118a354edf72b1080d4b2f

rc4.plain
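The extracted configuration above (C2 URL, install_dir, install_file) and the file hashes listed on this page are the indicators a responder would want to sweep logs for. The following Python script is an added hunting example, not part of the sandbox report or of the Amadey tooling: it matches exported log lines against those indicators, flagging an exact C2 URL hit separately from a weaker same-host hit, and matches the installation path on its `install_dir\install_file` tail so the per-user temp prefix does not matter. The log lines are constructed here for illustration; the `%TEMP%` prefix in them is an assumption, only the directory and file names come from the report.

```python
"""Sweep exported log lines for the Amadey 3.89 indicators shown on this page.

Added example, not part of the sandbox report. The SAMPLE_LOGS below are
constructed; the path prefix C:\\Users\\...\\Temp is an assumption, only
install_dir / install_file / C2 / hashes are taken from the report.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators from the extracted config and the hashes on this page.
C2_URL = "http://77.91.124.1/theme/index.php"
INSTALL_DIR = "fefffe8cea"
INSTALL_FILE = "explothe.exe"
KNOWN_SHA256 = {
    "869b808c2e811fae15bf4e8dc5c4c06eca2257959ea603ae420825b6417afa6c",  # target PE
    "47baacf9a3d6a3271e19b766cdde56690637b385e701e2b71c2a3c10a8e59f0d",  # submitted sample
}

C2 = urlsplit(C2_URL)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
# Match the tail "\<install_dir>\<install_file>" with either path separator,
# so the user profile / temp prefix in a given log does not matter.
INSTALL_PATH_RE = re.compile(
    rf"(?i)[\\/]{re.escape(INSTALL_DIR)}[\\/]{re.escape(INSTALL_FILE)}\b"
)


@dataclass
class Hit:
    line_no: int
    indicator: str   # "c2_url", "c2_host", "install_path" or "sha256"
    line: str


def classify_url(url: str):
    """Exact C2 URL -> 'c2_url'; other paths on the C2 host -> 'c2_host'; else None."""
    u = urlsplit(url)
    if u.hostname != C2.hostname:
        return None
    return "c2_url" if u.path == C2.path else "c2_host"


def scan(lines):
    """Return every indicator hit, in line order, for an iterable of log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            kind = classify_url(url)
            if kind:
                hits.append(Hit(n, kind, line))
        if INSTALL_PATH_RE.search(line):
            hits.append(Hit(n, "install_path", line))
        for digest in SHA256_RE.findall(line):
            if digest.lower() in KNOWN_SHA256:
                hits.append(Hit(n, "sha256", line))
    return hits


# Constructed log lines (not from the report). Lines 5 and 6 are decoys that
# share a path component or a hash shape with the indicators but must not match.
SAMPLE_LOGS = [
    r'2023-10-04T10:15:02Z event=ProcessCreate image="C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" pid=4120',
    r'2023-10-04T10:14:58Z event=FileCreate path="C:\Users\Admin\Downloads\invoice.exe" sha256=47BAACF9A3D6A3271E19B766CDDE56690637B385E701E2B71C2A3C10A8E59F0D',
    r'2023-10-04T10:15:05Z src=10.0.0.5 method=POST url=http://77.91.124.1/theme/index.php status=200',
    r'2023-10-04T10:15:06Z src=10.0.0.5 method=GET url=http://77.91.124.1/favicon.ico status=404',
    r'2023-10-04T10:16:00Z event=ProcessCreate image="C:\Tools\other\explothe.exe" url=http://example.com/theme/index.php',
    r'2023-10-04T10:16:01Z event=FileCreate path="C:\Windows\System32\notepad.exe" sha256=0000000000000000000000000000000000000000000000000000000000000000',
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.indicator}: {h.line}")
```

Run it as-is to see the four expected hits on the constructed lines, or feed `scan()` the lines of a real proxy or EDR export. The same-host tier exists because Amadey operators rotate the script path more readily than the server; treat `c2_host` as worth a look and `c2_url` as a confirmed beacon.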

Targets

    • Target

      869b808c2e811fae15bf4e8dc5c4c06eca2257959ea603ae420825b6417afa6c

    • Size

      228KB

    • MD5

      2293afc8c4c9648a553ad2e7235ff7b1

    • SHA1

      85791066749bd9a4129a5611913f2074b585fc16

    • SHA256

      869b808c2e811fae15bf4e8dc5c4c06eca2257959ea603ae420825b6417afa6c

    • SHA512

      2bcd4cd0617ef04d5f29e63c95bb986a80c017c7a11250583ede8a60fe6662126d63ed2665dff81ed101aa9d5c203f461d8364902d05f1439323a2402cb1e308

    • SSDEEP

      6144:LEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:LE32xpoaxBFg1ugMeS

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks