Overview

overview

10

Static

static

10

6523.exe

windows7-x64

10

6523.exe

windows10-2004-x64

10

Amdau.exe

windows7-x64

10

Amdau.exe

windows10-2004-x64

10

CLEP.exe

windows7-x64

10

CLEP.exe

windows10-2004-x64

10

DCKA.exe

windows7-x64

10

DCKA.exe

windows10-2004-x64

10

DEV.exe

windows7-x64

10

DEV.exe

windows10-2004-x64

10

DEVMin.exe

windows7-x64

10

DEVMin.exe

windows10-2004-x64

10

DevSt.exe

windows7-x64

1

DevSt.exe

windows10-2004-x64

1

Documents-...uz.exe

windows7-x64

7

Documents-...uz.exe

windows10-2004-x64

5

IqXYLXKzl6.exe

windows7-x64

IqXYLXKzl6.exe

windows10-2004-x64

1

LEMON.exe

windows7-x64

10

LEMON.exe

windows10-2004-x64

10

LIMMin.exe

windows7-x64

10

LIMMin.exe

windows10-2004-x64

10

LIMSt.exe

windows7-x64

1

LIMSt.exe

windows10-2004-x64

1

LK2.exe

windows7-x64

10

LK2.exe

windows10-2004-x64

10

NINJA.exe

windows7-x64

7

NINJA.exe

windows10-2004-x64

7

PolymodXT.exe

windows7-x64

10

PolymodXT.exe

windows10-2004-x64

10

UM.exe

windows7-x64

10

UM.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13-10-2023 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Amdau.exe

  • Size

    3.2MB

  • MD5

    c3ee25c18f2c408c9054d9c6d4c1e147

  • SHA1

    80d2395709b713647b199c22fdec5415d3a68052

  • SHA256

    c406b733897d091408ed5a656cfbf043623a8d08092269918184ccefd87971f0

  • SHA512

    d91a1675ca9a2923020ce244d00da6a9b686240dc7ef50185709ecbc2f6b8f92c371ee94ec277a2d3b0e33704c532d2f8779b39ac9f630b9b40f0794312d72f4

  • SSDEEP

    24576:0cUe92VHXy4fv6hfZQGwSWF6r+tLq9rNE0TR5sTlcJxbTGX+tIonLiMjrWD:rt9L4p7GJEeR51TGX10LPjrWD

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

http://45.9.74.182/b7djSDcPcZ/index.php

Attributes
  • install_dir

    f3f10bd848

  • install_file

    bstyoops.exe

  • strings_key

    05986a1cda6dc6caabf469f27fb6c32d

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Amdau.exe
    "C:\Users\Admin\AppData\Local\Temp\Amdau.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
      2⤵
        PID:2660
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
        2⤵
          PID:2940
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
          2⤵
            PID:2936
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
            2⤵
              PID:2512
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
              2⤵
                PID:2100

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • \Users\Admin\Videos\edddegyjjykj.exe
              Filesize

              3.2MB

              MD5

              c3ee25c18f2c408c9054d9c6d4c1e147

              SHA1

              80d2395709b713647b199c22fdec5415d3a68052

              SHA256

              c406b733897d091408ed5a656cfbf043623a8d08092269918184ccefd87971f0

              SHA512

              d91a1675ca9a2923020ce244d00da6a9b686240dc7ef50185709ecbc2f6b8f92c371ee94ec277a2d3b0e33704c532d2f8779b39ac9f630b9b40f0794312d72f4

              Download Submit

            • memory/1716-27-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-43-0x0000000004CC0000-0x0000000004D00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1716-3-0x0000000000240000-0x000000000025C000-memory.dmp

              Filesize

              112KB

              Download

            • memory/1716-4-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-5-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-7-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-28-0x0000000004CC0000-0x0000000004D00000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1716-11-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-15-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-13-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-19-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-17-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-21-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-23-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-49-0x0000000074600000-0x0000000074CEE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/1716-2-0x0000000074600000-0x0000000074CEE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/1716-9-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-29-0x00000000002B0000-0x00000000002B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1716-25-0x0000000000240000-0x0000000000255000-memory.dmp

              Filesize

              84KB

              Download

            • memory/1716-0-0x00000000013B0000-0x00000000016E4000-memory.dmp

              Filesize

              3.2MB

              Download

            • memory/1716-1-0x0000000074600000-0x0000000074CEE000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2100-34-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-33-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-35-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-36-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2100-38-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-40-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-41-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-42-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-32-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-31-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download

            • memory/2100-30-0x0000000000400000-0x000000000043B000-memory.dmp

              Filesize

              236KB

              Download