Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3

  • Size

    1.5MB

  • Sample

    231126-2h8atscg86

  • MD5

    32fd90862f9a7732ec49aad05ba343fe

  • SHA1

    473a409ad0d6e896cedfa546c30b16b56355a11f

  • SHA256

    d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3

  • SHA512

    6b89f4e1f9874d580f2fe7acede465d7f9c651e57072b6ea02be5b8eaa89a6d97e9dd9d5181c710a3e00a5645806307311c11fb85a280ad2b961a90d63efe6dd

  • SSDEEP

    24576:ZQIsq2Q2GOAO4fCCy7gtlkJSfU2qZhGjZRDsKjuRui26a24UzhlMxO+znN:ZQIsq2Q2GOAO4fCZ7YlI2UioKCoi9zhM

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

4.12

C2

http://brodoyouevenlift.co.za

Attributes
  • install_dir

    ce3eb8f6b2

  • install_file

    Utsysc.exe

  • strings_key

    c5b804d7b4c8a99f5afb89e5203cf3ba

  • url_paths

    /g9sdjScV2/index.php

    /vdhe8ejs3/index.php

rc4.plain

Targets

    • Target

      d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3

    • Size

      1.5MB

    • MD5

      32fd90862f9a7732ec49aad05ba343fe

    • SHA1

      473a409ad0d6e896cedfa546c30b16b56355a11f

    • SHA256

      d9419bc56421da78118cd511468bbc463bfb2c8d4405e2a6b38956b5a49d10a3

    • SHA512

      6b89f4e1f9874d580f2fe7acede465d7f9c651e57072b6ea02be5b8eaa89a6d97e9dd9d5181c710a3e00a5645806307311c11fb85a280ad2b961a90d63efe6dd

    • SSDEEP

      24576:ZQIsq2Q2GOAO4fCCy7gtlkJSfU2qZhGjZRDsKjuRui26a24UzhlMxO+znN:ZQIsq2Q2GOAO4fCZ7YlI2UioKCoi9zhM

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks