General

  • Target

    e8c3af34c0cf3717bd07610d4b3608a84f6416ecae079c32d35a65da6281ad6a.exe

  • Size

    431KB

  • Sample

    240324-dt7xfabf7s

  • MD5

    7df3bbbabf58f56c68d8b58360c805e1

  • SHA1

    cef03ca0d0a32778b5e145de4a06b0b7da2274b3

  • SHA256

    e8c3af34c0cf3717bd07610d4b3608a84f6416ecae079c32d35a65da6281ad6a

  • SHA512

    2e596777ce07acebf5214338e2d11f6fc8c8e6a7a920cdea95200866b61e1d4861403519d45bfd7a41a4078897fc2b2710131b5724ecf8f379c3eb33e655ceda

  • SSDEEP

    12288:embyjzjSHVt7I7cHjl6yzaedKuJe7kHaeshf:qzjSHVBI4gyzlFoN

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://194.87.71.43

Attributes
  • install_dir

    41711ab318

  • install_file

    Dctooux.exe

  • strings_key

    5f3718fed2ec5572d2ce198260ba7912

  • url_paths

    /g9jjjbnAdshZ/index.php

rc4.plain

Targets

    • Target

      e8c3af34c0cf3717bd07610d4b3608a84f6416ecae079c32d35a65da6281ad6a.exe

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Executes dropped EXE
