General

  • Target

    958aa94f4ad246b393cc98c789545c24bf974fb90447319ebbf34d0fa241edf4

  • Size

    965KB

  • Sample

    240614-bzfzsszepb

  • MD5

    791d58c4ed6b8772eceda0b0254880e2

  • SHA1

    a03bd87406f6025177c52a79fe81f1a59930aa37

  • SHA256

    958aa94f4ad246b393cc98c789545c24bf974fb90447319ebbf34d0fa241edf4

  • SHA512

    29382169fe2249c506e8895e1e2af6ff42c76a1e8ee352f1c9557106040280cf8b8548d98974a8b07fb3d1140f55a3627f856b77454463168a8d6014df2e7899

  • SSDEEP

    12288:6tLTyenMEh/rI+Ea4seWbh1/PjsrCe3NsGTzbEr6JeUc/X016JNHJPXFk2LxvTr2:6tieMEe+HeWXjsldP3

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.81

Botnet

f9a925

C2

http://77.91.124.20

Attributes

  • install_dir

    c3912af058

  • install_file

    oneetx.exe

  • strings_key

    0504ce46646b0dc397a3c30d6692ec75

  • url_paths

    /store/games/index.php

rc4.plain

Targets

    • Target

      958aa94f4ad246b393cc98c789545c24bf974fb90447319ebbf34d0fa241edf4

    • Size

      965KB

    • MD5

      791d58c4ed6b8772eceda0b0254880e2

    • SHA1

      a03bd87406f6025177c52a79fe81f1a59930aa37

    • SHA256

      958aa94f4ad246b393cc98c789545c24bf974fb90447319ebbf34d0fa241edf4

    • SHA512

      29382169fe2249c506e8895e1e2af6ff42c76a1e8ee352f1c9557106040280cf8b8548d98974a8b07fb3d1140f55a3627f856b77454463168a8d6014df2e7899

    • SSDEEP

      12288:6tLTyenMEh/rI+Ea4seWbh1/PjsrCe3NsGTzbEr6JeUc/X016JNHJPXFk2LxvTr2:6tieMEe+HeWXjsldP3

    Score
    10/10

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Detects executables packed with ConfuserEx Mod

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks