d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68 | Triage

Submit
Reports

Overview

overview

Static

static

3

d1e9eda8a4...68.exe

windows7-x64

d1e9eda8a4...68.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68
Size

412KB
Sample

240204-kem22sdda2
MD5

ffa7a6ba49261fc086759aa038e64c97
SHA1

716712c20ae36dd050af306d05f8942b302180ce
SHA256

d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68
SHA512

3a9ff007c9524806b1259b639f57ec5e0353546d0f76a7adc9e2a06a9d04f798a4ea53c6c4fd8ac07419aa9c5fa043153925378be7b7a7b845dee76cef5f8461
SSDEEP

6144:NKye3p8wGTqJSJVPBcO1rz99Q/+6p3UhssGl3stZKYVRsUZL9Y0B4vp6:NWqwGTqorBcgMzp34slM1s85BoI

Score

10^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68.exe

Resource

win7-20231215-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://77.91.76.37

Attributes

install_dir
c508585d38
install_file
Utsysc.exe
strings_key
c736fd5bdd26ef77013837dee2004742
url_paths
/g8samsA2/index.php

rc4.plain

Targets

- Target
  
  d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68
- Size
  
  412KB
- MD5
  
  ffa7a6ba49261fc086759aa038e64c97
- SHA1
  
  716712c20ae36dd050af306d05f8942b302180ce
- SHA256
  
  d1e9eda8a4564f87ee74add9df5a9a6e1b2019d3843b8139b0ac00bb7a3e4e68
- SHA512
  
  3a9ff007c9524806b1259b639f57ec5e0353546d0f76a7adc9e2a06a9d04f798a4ea53c6c4fd8ac07419aa9c5fa043153925378be7b7a7b845dee76cef5f8461
- SSDEEP
  
  6144:NKye3p8wGTqJSJVPBcO1rz99Q/+6p3UhssGl3stZKYVRsUZL9Y0B4vp6:NWqwGTqorBcgMzp34slM1s85BoI
Score

10^/10
- Amadey
  amadey_bot.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy