Overview

overview

10

Static

static

10

sample.exe

windows7-x64

7

sample.exe

windows10-2004-x64

7

Resubmissions

21/04/2024, 18:10

240421-wr2xhsge94 10

21/04/2024, 18:09

240421-wrky1aha2z 10

21/04/2024, 17:27

240421-v1svjaga42 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample.exe

  • Size

    218KB

  • Sample

    240421-wr2xhsge94

  • MD5

    aa9fa7808dca4fd4cadab28cabbc3266

  • SHA1

    1a45810526df332dba5003d0627d1c14bf5183ed

  • SHA256

    6e01f9d1997186d06274a508bc0a511aa6fb50e430b77efca593c00d3fc62cba

  • SHA512

    a5aa58e5832410d68ad8c2c0f2fd58a496ef5e79b97fe728259993b81f13bc7ef77ec26faf0410f9fa88037fcd87ca09d699ca64d7aa8b11dab83f0f42c5df5a

  • SSDEEP

    6144:Q/31H3YucxpcxoLebwlAsUy8F0WEutMVPdKET:QFmxCxoakeLyw0WEutMV

Score
10/10
amadey

Malware Config

Extracted

Family

amadey

Version

3.20

C2

http://dhisa8f9ah02hopasiaf.com

http://happyday9risce.com

http://xksldjf9sksdjfks.com
Attributes
  • install_dir

    a10b8dfb5f

  • install_file

    orxds.exe

  • strings_key

    6768875d0dd576a718d85aa1d71d25c1

  • url_paths

    /gg4mn3s/index.php

rc4.plain

Targets

    • Target

      sample.exe

    • Size

      218KB

    • MD5

      aa9fa7808dca4fd4cadab28cabbc3266

    • SHA1

      1a45810526df332dba5003d0627d1c14bf5183ed

    • SHA256

      6e01f9d1997186d06274a508bc0a511aa6fb50e430b77efca593c00d3fc62cba

    • SHA512

      a5aa58e5832410d68ad8c2c0f2fd58a496ef5e79b97fe728259993b81f13bc7ef77ec26faf0410f9fa88037fcd87ca09d699ca64d7aa8b11dab83f0f42c5df5a

    • SSDEEP

      6144:Q/31H3YucxpcxoLebwlAsUy8F0WEutMVPdKET:QFmxCxoakeLyw0WEutMV

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks