Overview

overview

10

Static

static

10

1288-12-0x...ry.exe

windows7-x64

10

1288-12-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1288-12-0x0000000001210000-0x0000000001618000-memory.dmp

  • Size

    4.0MB

  • Sample

    240122-wyny8scee6

  • MD5

    a842a332af5ccef9f8dac155048f2f35

  • SHA1

    f161e236bfd5e9343816de1c11d6fb7283c3fdfb

  • SHA256

    84940131b014fb32a6dcfb9d3cbf3eca3b1aef1bda2e433f2adb24e671a4b7fb

  • SHA512

    6357dad9a1c55a27ed567c2e4c1f5905956ed3cbc6952dba8576c1f4fd53a610c61a0d5fc85681b3f1f45744748b6107acf26666a904f47e801ff37bc684ef77

  • SSDEEP

    49152:7jE/GCdlEVhf/JD32TvRIyunAlpadsLK+mZSgfpF:s/5dlEVhf/ZmTvRIspavSgfp

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

4.15

C2

http://185.215.113.68

Attributes
  • install_dir

    d887ceb89d

  • install_file

    explorhe.exe

  • strings_key

    7cadc181267fafff9df8503e730d60e1

  • url_paths

    /theme/index.php

rc4.plain

Targets

    • Target

      1288-12-0x0000000001210000-0x0000000001618000-memory.dmp

    • Size

      4.0MB

    • MD5

      a842a332af5ccef9f8dac155048f2f35

    • SHA1

      f161e236bfd5e9343816de1c11d6fb7283c3fdfb

    • SHA256

      84940131b014fb32a6dcfb9d3cbf3eca3b1aef1bda2e433f2adb24e671a4b7fb

    • SHA512

      6357dad9a1c55a27ed567c2e4c1f5905956ed3cbc6952dba8576c1f4fd53a610c61a0d5fc85681b3f1f45744748b6107acf26666a904f47e801ff37bc684ef77

    • SSDEEP

      49152:7jE/GCdlEVhf/JD32TvRIyunAlpadsLK+mZSgfpF:s/5dlEVhf/ZmTvRIspavSgfp

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks