amadey | c4f30b93fd4341190482e6d81ac4bb149be4647dd994b0919e96c20312167004 | Triage

Sharing

General

Target

080084c285683066d6c5b41f76b3b430_NeikiAnalytics.exe
Size

205KB
Sample

240526-2e1rksed6t
MD5

080084c285683066d6c5b41f76b3b430
SHA1

524b4631a18e977c93c474c09b32f806129d165c
SHA256

c4f30b93fd4341190482e6d81ac4bb149be4647dd994b0919e96c20312167004
SHA512

a8561a0edc32d4f5d28942cabd5b6c45b8c666bceb6a0a983e1a90f34f91894598a3c056ae5d29a6d3b4db560ac5b6ae469cd10ed118799c605b7c9df5570edd
SSDEEP

3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAItb2y3xfpT:8kSDAzG1iciuInRexuZAIvx

Score

10^/10

amadey 2f2805

Malware Config

Extracted

Family

amadey

Version

3.84

Botnet

2f2805

C2

http://77.91.68.63

Attributes

install_dir
200f691d32
install_file
rugen.exe
strings_key
e6ad3da56139a7f602e521090c482398
url_paths
/doma/net/index.php

rc4.plain

Targets

- Target
  
  080084c285683066d6c5b41f76b3b430_NeikiAnalytics.exe
- Size
  
  205KB
- MD5
  
  080084c285683066d6c5b41f76b3b430
- SHA1
  
  524b4631a18e977c93c474c09b32f806129d165c
- SHA256
  
  c4f30b93fd4341190482e6d81ac4bb149be4647dd994b0919e96c20312167004
- SHA512
  
  a8561a0edc32d4f5d28942cabd5b6c45b8c666bceb6a0a983e1a90f34f91894598a3c056ae5d29a6d3b4db560ac5b6ae469cd10ed118799c605b7c9df5570edd
- SSDEEP
  
  3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAItb2y3xfpT:8kSDAzG1iciuInRexuZAIvx
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2