General

  • Target

    79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71.exe.zip

  • Size

    219KB

  • Sample

    231201-snzq7sca91

  • MD5

    adc3734cf2f1c1022aa3d343fe5c0646

  • SHA1

    2b69a1b3fdd281118971625683f34ac7c201900e

  • SHA256

    40c74603e6afde892122d3fd750411e80868dc4f1de5f86bbf7132c3585f3df6

  • SHA512

    25e27792720b9e915e1094d4200f0e42ba88ea60042f9eed489ab8ddb5ccea6d79b6ee96fb24eb4e2610ee044e99b5c8f6064e3c0c130494687e1df42ec39594

  • SSDEEP

    6144:HQkze7SA0GoKb00XXu7tqjwBJyumVp3e+1vfh0lo:HRlDNKDXXhwBJqpr1h06

Score
10/10

Malware Config

Extracted

  • Family

    amadey

  • Version

    4.12

  • C2

    http://bitcoinstorm.cc

    http://blackgold.top

    http://emancipation1866.top

  • Attributes

    strings_key: 550b275dd5aea0a3932bf7e10871e2c7

    url_paths: /g9sdjScV2/index.php, /vdhe8ejs3/index.php, /ghndbncg3S/index.php

  • rc4.plain

Targets

    • Target

      79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71.exe

    • Size

      437KB

    • MD5

      625cb97439daa80940791f626bb4765c

    • SHA1

      af462cf5435efceefcd6786f212e192403e80c4b

    • SHA256

      79f5147260484890fd1fab7a78619de557103717e124f1c249addc530b737a71

    • SHA512

      145f8dba2288b45ef2f0ba1582861131501fb90697dfd1a79bfcdb93fa1d9110283ccb95e24317876082c7b5b24e32f2d7f954d93cb0cac2d819dec920d00891

    • SSDEEP

      12288:C+mHU45lKN78RhFkvULfYOmBpumeYDDtKf:Ce45lKh87zLwp7Kf

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               | Technique                      | Count | ID
  ---------------------|--------------------------------|-------|------
  Execution            | Scheduled Task/Job             | 1     | T1053
  Persistence          | Scheduled Task/Job             | 1     | T1053
  Privilege Escalation | Scheduled Task/Job             | 1     | T1053
  Discovery            | Query Registry                 | 1     | T1012
  Discovery            | System Information Discovery   | 2     | T1082

Tasks