amadey | 85ac0e8244160430f8ca3d4fb031180ccf656a2d524a8fc2c828379c1c7b9e5f | Triage

Submit
Reports

Overview

overview

Static

static

1

9c75e5c9f5...6b.msi

windows7-x64

9c75e5c9f5...6b.msi

windows10-2004-x64

Sharing

General

Target

9c75e5c9f56150d3648691950f544f6b
Size

7.3MB
Sample

240215-ajyz1adb64
MD5

9c75e5c9f56150d3648691950f544f6b
SHA1

2008d7c4f9fe4d6e9ad9a328e636ae0b5222fde6
SHA256

85ac0e8244160430f8ca3d4fb031180ccf656a2d524a8fc2c828379c1c7b9e5f
SHA512

5b594257dbdbfc4252fe61d847437d2ba1630d0bc82072ce0f48e840b06cda86b603bac35b7f6be3d52bd4e7f4b7173820e0d1fb2e413199e325edd413236512
SSDEEP

196608:yqumukxXreZ5WXIP14ifwiTlQb3yVgsOyxI8:WCle2X2dIiTl83ympKI

Score

10^/10

amadey babadeda crypter discovery loader trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

9c75e5c9f56150d3648691950f544f6b.msi

Resource

win7-20231215-en

amadey babadeda crypter discovery loader trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

9c75e5c9f56150d3648691950f544f6b.msi

Resource

win10v2004-20231215-en

amadey babadeda crypter discovery loader trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  9c75e5c9f56150d3648691950f544f6b
- Size
  
  7.3MB
- MD5
  
  9c75e5c9f56150d3648691950f544f6b
- SHA1
  
  2008d7c4f9fe4d6e9ad9a328e636ae0b5222fde6
- SHA256
  
  85ac0e8244160430f8ca3d4fb031180ccf656a2d524a8fc2c828379c1c7b9e5f
- SHA512
  
  5b594257dbdbfc4252fe61d847437d2ba1630d0bc82072ce0f48e840b06cda86b603bac35b7f6be3d52bd4e7f4b7173820e0d1fb2e413199e325edd413236512
- SSDEEP
  
  196608:yqumukxXreZ5WXIP14ifwiTlQb3yVgsOyxI8:WCle2X2dIiTl83ympKI
Score

10^/10

amadey babadeda crypter discovery loader trojan upx
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Babadeda
  Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
  loader crypter babadeda
- Babadeda Crypter
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadeybabadedacrypterdiscoveryloadertrojanupx

behavioral2

amadeybabadedacrypterdiscoveryloadertrojanupx

© 2018-2024

Terms | Privacy