General
-
Target
2fab011378c2afbf4ece666058049c2bffcde77dddf420f661599d2b7613465a
-
Size
1.6MB
-
Sample
240523-hb6zmsgd82
-
MD5
6e7509886f8664d045b09398f1e4b2be
-
SHA1
2b93a153ba5d452ebbb717015f9cc1512b1dba84
-
SHA256
2fab011378c2afbf4ece666058049c2bffcde77dddf420f661599d2b7613465a
-
SHA512
613b06828fe6f8e0a0326725998936b2d463a2f151ee8ba33e45722c7ecb3fec00f5dda01cf08dd91ce4c3c6755e474cb3cb75e7b53be727249c19be326de2d9
-
SSDEEP
49152:lK85HlR16qS4w8VJzJtXgdLd+Gd7cYTEA:b16lZULlYTEA
Malware Config
Extracted
amadey
4.20
18befc
http://5.42.96.141
-
install_dir
908f070dff
-
install_file
explorku.exe
-
strings_key
b25a9385246248a95c600f9a061438e1
-
url_paths
/go34ko8/index.php
Targets
-
-
Target
2fab011378c2afbf4ece666058049c2bffcde77dddf420f661599d2b7613465a
-
Size
1.6MB
-
MD5
6e7509886f8664d045b09398f1e4b2be
-
SHA1
2b93a153ba5d452ebbb717015f9cc1512b1dba84
-
SHA256
2fab011378c2afbf4ece666058049c2bffcde77dddf420f661599d2b7613465a
-
SHA512
613b06828fe6f8e0a0326725998936b2d463a2f151ee8ba33e45722c7ecb3fec00f5dda01cf08dd91ce4c3c6755e474cb3cb75e7b53be727249c19be326de2d9
-
SSDEEP
49152:lK85HlR16qS4w8VJzJtXgdLd+Gd7cYTEA:b16lZULlYTEA
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-