amadey | eeda4bb0fe57b539e615a690492c4af2d0db8f250e25cbaddbf5d67c002208f6 | Triage

Sharing

General

Target

6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90.zip
Size

209KB
Sample

240623-mjzmrascqm
MD5

9f1d7eab6dd7131bb55a8631067f2861
SHA1

6efce2b685687a1721fc7c208d7e321e7bef69b7
SHA256

eeda4bb0fe57b539e615a690492c4af2d0db8f250e25cbaddbf5d67c002208f6
SHA512

e1e13033a1c2c6726907bb0b9fb4e64911fee428391874ecf75782e0dc69a83550808b0af14136a33a0f291aaa77c819d0be45aee167148dc6f2e02f78b854a5
SSDEEP

6144:9mbJ76j/uiIr0fhrfOKSjaQatGK5cwK/ak:0+k0pKKSjadOn

Score

10^/10

amadey ffb1b9 execution

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

ffb1b9

C2

http://proresupdate.com

Attributes

install_dir
4bbb72a446
install_file
Hkbsse.exe
strings_key
1ebbd218121948a356341fff55521237
url_paths
/h9fmdW5/index.php

rc4.plain

Targets

- Target
  
  6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90.exe
- Size
  
  421KB
- MD5
  
  e62848b3576538fa77777032c232436b
- SHA1
  
  0049ca2473da98bc37394d5bb4c05852356c8bcb
- SHA256
  
  6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90
- SHA512
  
  ded4ab36f0401e7330de3e0347328ff1218338388268e45f0f79e23d8c95ba22b6f1454e2f908952acee023d1e5087b47f0cc38e23e151e7130e385951043822
- SSDEEP
  
  12288:sXLuBglhv+vNO6bVeKGA/Py3B1KuJ+NiKYU/d7tnUv:OLKgHv+vNOSV/vyrnKtF5Uv
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2