General

  • Target

    50b59ec66299f7a528e35b5747cff7ec.exe

  • Size

    434KB

  • Sample

    231127-ssg2yshd74

  • MD5

    50b59ec66299f7a528e35b5747cff7ec

  • SHA1

    1a4a71093b3075a2b28184908fe5e80d03d65e82

  • SHA256

    5abd71acc7aaa2bb26c92e6c5d1827b20b8157f74b612b3bd1a6b79e2bd6a2e6

  • SHA512

    5b34ca72ddfd01617c0ee622b06117ee825c70c442a04dd4c931ff3ab7f1a449c19fe9127e0ddaaf75395bc00942e7040a1117bf5d20a0042324c430e20ad02d

  • SSDEEP

    6144:E+rEsiveHU/h1HiUUgO+rO2gdY8xWthfs+Eusf/:E+rEsiveehZU2gYs0hfs+4/

Malware Config

Extracted

  • Family

    amadey

  • C2

    http://arrunda.ru

    http://soetegem.com

    http://tceducn.com

  • Attributes

    strings_key: eb714cabd2548b4a03c45f723f838bdc

    url_paths: /forum/index.php

    rc4.plain

Extracted

  • Family

    amadey

  • Version

    4.11

  • C2

    http://shohetrc.com

    http://sibcomputer.ru

    http://tve-mail.com

  • Attributes

    install_dir: d4dd819322

    install_file: Utsysc.exe

    strings_key: 8419b3024d6f72beef8af6915e592308

    url_paths: /forum/index.php

    rc4.plain

Targets

    • Target

      50b59ec66299f7a528e35b5747cff7ec.exe

    • Size

      434KB

    • MD5

      50b59ec66299f7a528e35b5747cff7ec

    • SHA1

      1a4a71093b3075a2b28184908fe5e80d03d65e82

    • SHA256

      5abd71acc7aaa2bb26c92e6c5d1827b20b8157f74b612b3bd1a6b79e2bd6a2e6

    • SHA512

      5b34ca72ddfd01617c0ee622b06117ee825c70c442a04dd4c931ff3ab7f1a449c19fe9127e0ddaaf75395bc00942e7040a1117bf5d20a0042324c430e20ad02d

    • SSDEEP

      6144:E+rEsiveHU/h1HiUUgO+rO2gdY8xWthfs+Eusf/:E+rEsiveehZU2gYs0hfs+4/

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

MITRE ATT&CK Enterprise v15

Tasks