General

  • Target

    2aab50071ed7cd04279bc8a6fac68280_NeikiAnalytics.exe

  • Size

    466KB

  • Sample

    240611-g3aj3sxhjk

  • MD5

    2aab50071ed7cd04279bc8a6fac68280

  • SHA1

    4884142b96c2b1f67d9ec57ae4de3253a6449976

  • SHA256

    83f17052a7366bd07cacf01d9a6fcc31b6bcb5b89fc7f5320edbfa2de3c01b85

  • SHA512

    bb94ee262e7c4d21631520c499fe9b0034f30882b95847eb72838138b5e4b3d6c5eb9e1aa122e2dcc33c666eeb8fd34ffbb234248d3c15e6899d8ce5f9d42998

  • SSDEEP

    6144:K0fLDXkuiLa34e70xdsfVC6k4G+YOxqprNRJYsLkXV425EYdxivK4:BfPXka4DxdL8Gv+qpdYeIS25EYdxir

  • Score

    10/10

Malware Config

Extracted

  • Family

    amadey

  • Version

    4.21

  • Botnet

    9a3efc

  • C2

    http://check-ftp.ru

Attributes
  • install_dir

    b9695770f1

  • install_file

    Dctooux.exe

  • strings_key

    1d3a0f2941c4060dba7f23a378474944

  • url_paths

    /forum/index.php

rc4.plain

Targets

    • Target

      2aab50071ed7cd04279bc8a6fac68280_NeikiAnalytics.exe

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks