General

  • Target

    tmp

  • Size

    595KB

  • Sample

    240204-j1jq3sfdaq

  • MD5

    2060ab69656588e8acefcde9c7cc0a5f

  • SHA1

    f4501b82e348b38cf4f877bff1c1447828585c6a

  • SHA256

    b39f3c1533ff0a817a221ec313c11b926dfcc1b0e3a3a49fea5cb3151b094ee3

  • SHA512

    10f3447e6cd5a065184395368825030951c62e6c59f980399f832b0862ae09d8db20b7557c4b25917ca78c92750dfb9654e5064fc860a5a6abff198574fa6573

  • SSDEEP

    12288:ih1Fk70TnvjcWYbRQsBTNcHG2k+Nfw3HtUZwi+rRvoR9yrc4+GX:Mk70TrcWYbmsBxN2otUf+Yyrc0X

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://193.233.132.167

Attributes
  • install_dir

    4d0ab15804

  • install_file

    chrosha.exe

  • strings_key

    1a9519d7b465e1f4880fa09a6162d768

  • url_paths

    /enigma/index.php

rc4.plain

Targets

    • Target

      tmp

    • Size

      595KB

    • MD5

      2060ab69656588e8acefcde9c7cc0a5f

    • SHA1

      f4501b82e348b38cf4f877bff1c1447828585c6a

    • SHA256

      b39f3c1533ff0a817a221ec313c11b926dfcc1b0e3a3a49fea5cb3151b094ee3

    • SHA512

      10f3447e6cd5a065184395368825030951c62e6c59f980399f832b0862ae09d8db20b7557c4b25917ca78c92750dfb9654e5064fc860a5a6abff198574fa6573

    • SSDEEP

      12288:ih1Fk70TnvjcWYbRQsBTNcHG2k+Nfw3HtUZwi+rRvoR9yrc4+GX:Mk70TrcWYbmsBxN2otUf+Yyrc0X

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks