amadey | 6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90 | Triage

Sharing

General

Target

6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90.exe
Size

421KB
Sample

240624-bkseaawcjr
MD5

e62848b3576538fa77777032c232436b
SHA1

0049ca2473da98bc37394d5bb4c05852356c8bcb
SHA256

6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90
SHA512

ded4ab36f0401e7330de3e0347328ff1218338388268e45f0f79e23d8c95ba22b6f1454e2f908952acee023d1e5087b47f0cc38e23e151e7130e385951043822
SSDEEP

12288:sXLuBglhv+vNO6bVeKGA/Py3B1KuJ+NiKYU/d7tnUv:OLKgHv+vNOSV/vyrnKtF5Uv

Score

10^/10

amadey ffb1b9 execution

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

ffb1b9

C2

http://proresupdate.com

Attributes

install_dir
4bbb72a446
install_file
Hkbsse.exe
strings_key
1ebbd218121948a356341fff55521237
url_paths
/h9fmdW5/index.php

rc4.plain

Targets

- Target
  
  6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90.exe
- Size
  
  421KB
- MD5
  
  e62848b3576538fa77777032c232436b
- SHA1
  
  0049ca2473da98bc37394d5bb4c05852356c8bcb
- SHA256
  
  6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90
- SHA512
  
  ded4ab36f0401e7330de3e0347328ff1218338388268e45f0f79e23d8c95ba22b6f1454e2f908952acee023d1e5087b47f0cc38e23e151e7130e385951043822
- SSDEEP
  
  12288:sXLuBglhv+vNO6bVeKGA/Py3B1KuJ+NiKYU/d7tnUv:OLKgHv+vNOSV/vyrnKtF5Uv
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2