General
-
Target
6e61178fd177489bb5649027222781c9b4954f8f06ff964499e3b7c3ad7604fd
-
Size
1.8MB
-
Sample
240328-zssa9agd8t
-
MD5
46ab8cbd40a60e88181fe34900137419
-
SHA1
0e4099fef23cafdf8380e2172699e613b8dedf8f
-
SHA256
6e61178fd177489bb5649027222781c9b4954f8f06ff964499e3b7c3ad7604fd
-
SHA512
39d5f013c154251c642c1f9aa1b3c40a3201b7063b745cf4fc518baf185cb491818648705cb7cb8358bfac260c852d487a64f45e881d129d67d21faa1ef5556e
-
SSDEEP
49152:DgaGZ/JARlm+yyklpfHaRKnktKQU4aJNLm1F3+hlzkQDnpYuQQk9SJIc:0aG9JARlmHHaRttKQU81FObkQmzr8Ic
Malware Config
Extracted
amadey
4.17
http://185.215.113.32
-
install_dir
00c07260dc
-
install_file
explorgu.exe
-
strings_key
461809bd97c251ba0c0c8450c7055f1d
-
url_paths
/yandex/index.php
Targets
-
-
Target
6e61178fd177489bb5649027222781c9b4954f8f06ff964499e3b7c3ad7604fd
-
Size
1.8MB
-
MD5
46ab8cbd40a60e88181fe34900137419
-
SHA1
0e4099fef23cafdf8380e2172699e613b8dedf8f
-
SHA256
6e61178fd177489bb5649027222781c9b4954f8f06ff964499e3b7c3ad7604fd
-
SHA512
39d5f013c154251c642c1f9aa1b3c40a3201b7063b745cf4fc518baf185cb491818648705cb7cb8358bfac260c852d487a64f45e881d129d67d21faa1ef5556e
-
SSDEEP
49152:DgaGZ/JARlm+yyklpfHaRKnktKQU4aJNLm1F3+hlzkQDnpYuQQk9SJIc:0aG9JARlmHHaRttKQU81FObkQmzr8Ic
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-