General

  • Target

    11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945

  • Size

    2MB

  • Sample

    231205-kmklwsad93

  • MD5

    5f2476a80b7ad8a8083b0ec5d5f904ed

  • SHA1

    198005ee8ff0cacc32aa0613f4f6c7e12ca47d44

  • SHA256

    11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945

  • SHA512

    ec0963116b4e1b3222834253af4c21b61465887baeba4830fd96006943a452b3c6671bad338b6663ebf3bc184caf0ca50dd0402e8faa1ec5617c9f6c707935c3

  • SSDEEP

    49152:yHYMlMk7lxGhm1nUfEWW+WKBry81Gk4yvyD0mfCFIYQR:y4MlMCG4FUcWW+dy8UKCdR

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.125

Attributes
  • install_dir

    4fdb51ccdc

  • install_file

    Utsysc.exe

  • strings_key

    a70b05054314f381be1ab9a5cdc8b250

  • url_paths

    /u6vhSc3PPq/index.php

rc4.plain

Targets

    • Target

      11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945

    • Size

      2MB

    • MD5

      5f2476a80b7ad8a8083b0ec5d5f904ed

    • SHA1

      198005ee8ff0cacc32aa0613f4f6c7e12ca47d44

    • SHA256

      11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945

    • SHA512

      ec0963116b4e1b3222834253af4c21b61465887baeba4830fd96006943a452b3c6671bad338b6663ebf3bc184caf0ca50dd0402e8faa1ec5617c9f6c707935c3

    • SSDEEP

      49152:yHYMlMk7lxGhm1nUfEWW+WKBry81Gk4yvyD0mfCFIYQR:y4MlMCG4FUcWW+dy8UKCdR

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Matrix ATT&CK v13

Execution

Scheduled Task/Job

1
T1053

Persistence

Scheduled Task/Job

1
T1053

Privilege Escalation

Scheduled Task/Job

1
T1053

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks