amadey | e2f322ac4a8a79027c4badbf6b534ebe7c6b56b234d3d8fb38ff17d2acdbfd16 | Triage

Sharing

General

Target

e2f322ac4a8a79027c4badbf6b534ebe7c6b56b234d3d8fb38ff17d2acdbfd16
Size

279KB
Sample

240324-b2374sfh27
MD5

020c54cab2f3ef59732b60d2faef5051
SHA1

7c0a3a19dbc658b841068684e5442d7894ae7eda
SHA256

e2f322ac4a8a79027c4badbf6b534ebe7c6b56b234d3d8fb38ff17d2acdbfd16
SHA512

6820aaf46f29589deafccc38a37366fa2e187128c2503e6bbbce845474136f705aa72db35803599a7291f20a039b6542d71daef96dab185aeea52455b6ddccef
SSDEEP

6144:KMy+bnr+Qp0yN90QE/Ml7Vo2dT6c0C752jb4ueelteAYW9D:EMrMy90BMb7dJdl2jb4C8W9D

Score

10^/10

amadey mystic persistence stealer trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688
url_paths
/mac/index.php

rc4.plain

Targets

- Target
  
  e2f322ac4a8a79027c4badbf6b534ebe7c6b56b234d3d8fb38ff17d2acdbfd16
- Size
  
  279KB
- MD5
  
  020c54cab2f3ef59732b60d2faef5051
- SHA1
  
  7c0a3a19dbc658b841068684e5442d7894ae7eda
- SHA256
  
  e2f322ac4a8a79027c4badbf6b534ebe7c6b56b234d3d8fb38ff17d2acdbfd16
- SHA512
  
  6820aaf46f29589deafccc38a37366fa2e187128c2503e6bbbce845474136f705aa72db35803599a7291f20a039b6542d71daef96dab185aeea52455b6ddccef
- SSDEEP
  
  6144:KMy+bnr+Qp0yN90QE/Ml7Vo2dT6c0C752jb4ueelteAYW9D:EMrMy90BMb7dJdl2jb4C8W9D
Score

10^/10

amadey mystic persistence stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeymysticpersistencestealertrojan