General

  • Target: 964b8248435c3698a24bff4fdce25543fdc2714a514ea6e8ec936d5e6bd7cfd9
  • Size: 393KB
  • Sample: 240619-13hegatgkc
  • MD5: a207cc596a2378022f6ada3bfcc72305
  • SHA1: abea18779a9d08dbc484a1dbef4f041a77f95556
  • SHA256: 964b8248435c3698a24bff4fdce25543fdc2714a514ea6e8ec936d5e6bd7cfd9
  • SHA512: 047360b2f20104536e894f2c0f3564c5c9c5955c486e7796bd13c24840656c0e19d1579147ed66717e420d4f064b042d981a16bace900e6f96ed2973e570f619
  • SSDEEP: 12288:K0Fkz2KXIhxNpRl8NFu0Y2jeHyKHWRFH:Voq/pRKNoKeVq

Score: 10/10

Malware Config

Extracted

  • Family: amadey
  • Version: 4.21
  • Botnet: b2c2c1
  • C2: http://greendag.ru

Attributes

  • install_dir: e221f72865
  • install_file: Dctooux.exe
  • strings_key: 09a7af7983af08af50ea3f51a73065e9
  • url_paths: /forum/index.php
  • rc4.plain

Targets

    Score: 10/10

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks