General

  • Target

    468033c2e6a98660cda4376fa7b2b95c.exe

  • Size

    436KB

  • Sample

    231127-sqrhlshd5v

  • MD5

    468033c2e6a98660cda4376fa7b2b95c

  • SHA1

    340529da72ad4aad5896cfdbd49d293028eb96d5

  • SHA256

    b70d16a1fda7970ec06e9250b6215062d4a77b7c3bf52a75195ba8cce285643b

  • SHA512

    25581dcb6f731eccece7604b0d5410c356144b6886e8a344fd6891ec9544994e8279ee35d5b8f7f1cc7911cd7073f4ef6917ffb820effc48b4bb0af6f0318342

  • SSDEEP

    6144:KCS/nm7QpasI425Jyuu2LwKAFqfKxyiM0MxYhLcgvR:KCmsQpiufqfqTS

Malware Config

Extracted

Family

amadey

C2

http://arrunda.ru

http://soetegem.com

http://tceducn.com

Attributes
  • strings_key

    eb714cabd2548b4a03c45f723f838bdc

  • url_paths

    /forum/index.php

rc4.plain

Extracted

Family

amadey

Version

4.11

C2

http://shohetrc.com

http://sibcomputer.ru

http://tve-mail.com

Attributes
  • install_dir

    d4dd819322

  • install_file

    Utsysc.exe

  • strings_key

    8419b3024d6f72beef8af6915e592308

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      468033c2e6a98660cda4376fa7b2b95c.exe

    • Size

      436KB

    • MD5

      468033c2e6a98660cda4376fa7b2b95c

    • SHA1

      340529da72ad4aad5896cfdbd49d293028eb96d5

    • SHA256

      b70d16a1fda7970ec06e9250b6215062d4a77b7c3bf52a75195ba8cce285643b

    • SHA512

      25581dcb6f731eccece7604b0d5410c356144b6886e8a344fd6891ec9544994e8279ee35d5b8f7f1cc7911cd7073f4ef6917ffb820effc48b4bb0af6f0318342

    • SSDEEP

      6144:KCS/nm7QpasI425Jyuu2LwKAFqfKxyiM0MxYhLcgvR:KCmsQpiufqfqTS

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks