Overview

overview

10

Static

static

3

138b791bb0...9a.exe

windows7-x64

10

138b791bb0...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a.zip

  • Size

    501KB

  • Sample

    231125-lgghqaad9v

  • MD5

    03eef97bce57664a5f024579bae1b405

  • SHA1

    6d081d30543fd125becb8fafe13750aa98096726

  • SHA256

    5cd379d1024d7dae18b1dcb62a0290008c3c67e4c46f13c2c639d3a7aae51bee

  • SHA512

    715eac9b5f36e646bb58975a0c91966dcefc67b9a99e650d026dfa8f846a700af0507cc412af7d0f82f88a74de3f61ed0197706c17a40e5230e6b2edd326b155

  • SSDEEP

    12288:a5pOHDmcSIQ5c3acI4KBe09IjBjDEU2bUJaMwpj76ZyHXxvqRbB3q:aSHDOeV09RU2bUJaMg2AZqRbB6

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

4.12

C2

http://brodoyouevenlift.co.za

Attributes
  • install_dir

    ce3eb8f6b2

  • install_file

    Utsysc.exe

  • strings_key

    c5b804d7b4c8a99f5afb89e5203cf3ba

  • url_paths

    /g9sdjScV2/index.php

    /vdhe8ejs3/index.php

rc4.plain

Targets

    • Target

      138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a.exe

    • Size

      531KB

    • MD5

      a544d2c23c55904dbf0f0190f42eaac6

    • SHA1

      e9d920e5400b36562dfe81b900b99d35b70576b9

    • SHA256

      138b791bb04c3073e3e752fdcf5bc5490c4169e9f553954b025aab8414c4589a

    • SHA512

      21d50d0239326ced64c8c294f53fd58fe715c3f38550b151117786b1201997e899414fefc3734fc139502d27b81c36c64d07dc64305ead24b80ac9646f114ac5

    • SSDEEP

      12288:fz9JHhp3l7Nt0P78PyCp3qkxD+XYaVikoSG6s7XuwMefn:fzXtNeP7v6XZMYackkX/

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks