amadey | 7c94846904eeffd843980d64ba0eee3b8a81a52aeb60b5a5195bf7b426e4a443 | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

595KB
Sample

240202-aebc5sbegm
MD5

63d9528b6667199d22c482f15643ab31
SHA1

6b6ee0d6d1d661dc3806b653757c5fa8fbc7fd36
SHA256

7c94846904eeffd843980d64ba0eee3b8a81a52aeb60b5a5195bf7b426e4a443
SHA512

1bcf34c21d452db4212358d5ba10339b1d8c42ceda80741affdd54f2bc6dac876e10d72b583e7e7df65d47d9d4f95184b38f7b51963e82afba34d8540dc44e58
SSDEEP

12288:gh1Fk70TnvjcU72Em20lUIIgp05m/x979RE/UzIB8Irh:mk70TrcUSEHIIghREMyld

Score

10^/10

amadey trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://193.233.132.167

Attributes

install_dir
4d0ab15804
install_file
chrosha.exe
strings_key
1a9519d7b465e1f4880fa09a6162d768
url_paths
/enigma/index.php

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  595KB
- MD5
  
  63d9528b6667199d22c482f15643ab31
- SHA1
  
  6b6ee0d6d1d661dc3806b653757c5fa8fbc7fd36
- SHA256
  
  7c94846904eeffd843980d64ba0eee3b8a81a52aeb60b5a5195bf7b426e4a443
- SHA512
  
  1bcf34c21d452db4212358d5ba10339b1d8c42ceda80741affdd54f2bc6dac876e10d72b583e7e7df65d47d9d4f95184b38f7b51963e82afba34d8540dc44e58
- SSDEEP
  
  12288:gh1Fk70TnvjcU72Em20lUIIgp05m/x979RE/UzIB8Irh:mk70TrcUSEHIIghREMyld
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- .NET Reactor proctector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy