Overview

overview

10

Static

static

10

NEAS.22baf...JC.exe

windows7-x64

10

NEAS.22baf...JC.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.22bafad3cde361ca58777f637e77b660_JC.exe

  • Size

    220KB

  • Sample

    231104-m5vwpaag24

  • MD5

    22bafad3cde361ca58777f637e77b660

  • SHA1

    7c22a7af45bcfcf00dde8febc60543d1b8a3580c

  • SHA256

    ccf3f001a240c1ec37633f478fd9e336107233dbb50da08a5cb40d0f4e313473

  • SHA512

    30ecea6f6b2585f894b52c2df57f5b932136f0696da0706675bc9acea7f0e0c998bbd154cfc5012dcba80937704aa8f88c26c9da6dd2bae8fd2befabf8ceabd3

  • SSDEEP

    6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes
  • install_dir

    fefffe8cea

  • install_file

    explothe.exe

  • strings_key

    36a96139c1118a354edf72b1080d4b2f

rc4.plain

Targets

    • Target

      NEAS.22bafad3cde361ca58777f637e77b660_JC.exe

    • Size

      220KB

    • MD5

      22bafad3cde361ca58777f637e77b660

    • SHA1

      7c22a7af45bcfcf00dde8febc60543d1b8a3580c

    • SHA256

      ccf3f001a240c1ec37633f478fd9e336107233dbb50da08a5cb40d0f4e313473

    • SHA512

      30ecea6f6b2585f894b52c2df57f5b932136f0696da0706675bc9acea7f0e0c998bbd154cfc5012dcba80937704aa8f88c26c9da6dd2bae8fd2befabf8ceabd3

    • SSDEEP

      6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks