Overview

overview

10

Static

static

3

2bca982e0e...e1.exe

windows7-x64

10

2bca982e0e...e1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2bca982e0e5b82440ccd17351d5cd916a9b769bcc0fb9df3f1163ce2ab9850e1

  • Size

    294KB

  • Sample

    231208-px8hxsee21

  • MD5

    7974823ca3490ff2154653a9197ea04a

  • SHA1

    b18a53d023ac494b8a13cc3d9be5ea70af1f923e

  • SHA256

    cf5e1526355e39553fef3c7a9aa2eec02966f4432019b49553ca409e10b9c1d7

  • SHA512

    d3dbd4fed70fc137d6bc9d39ba6b3f79a750c95c46e45f66f0f9e0eaef5ba98bdd58c3a7740222a1d28f737c9e3603fd3aa159207392ce06bb190bd9cdbfbae8

  • SSDEEP

    6144:qSuzuzP42tskgQT+z9RQdBymELg4JlKZGpCLQh4dgplWf99:qhy42tU5KBwg6KhEmQl4

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

4.11

C2

http://shohetrc.com

http://sibcomputer.ru

http://tve-mail.com
Attributes
  • install_dir

    d4dd819322

  • install_file

    Utsysc.exe

  • strings_key

    8419b3024d6f72beef8af6915e592308

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      2bca982e0e5b82440ccd17351d5cd916a9b769bcc0fb9df3f1163ce2ab9850e1

    • Size

      382KB

    • MD5

      b2d2a10399b902efbd4c02cf2b2eac34

    • SHA1

      13b8e3acf1ef3f549cb8c5d236edb050234006a7

    • SHA256

      2bca982e0e5b82440ccd17351d5cd916a9b769bcc0fb9df3f1163ce2ab9850e1

    • SHA512

      d5637a611bfd49cbd9eaab6f31cea0cd26c011c5c5ae7328b251df8c1455da8f7a61163f716e3bf6336c930d6452bbdbd074ede9b6a58c027e0f548bbde9419a

    • SSDEEP

      6144:a/F0Z2tsmgQT+z9ZQvBymELE4JlKZGp0LQh4U6o3T:UFM2ts5yBwE6KpE7D

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks