Overview

overview

10

Static

static

10

b1d5b1e480...e5.exe

windows7-x64

10

b1d5b1e480...e5.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    b1d5b1e480a5731caacc65609eaf069622f1129965819079aa09bc9d96dadde5.exe

  • Size

    415KB

  • Sample

    240624-brfztssglh

  • MD5

    c4aeaafc0507785736e000ff7e823f5e

  • SHA1

    b1acdee835f02856985a822fe99921b097ed1519

  • SHA256

    b1d5b1e480a5731caacc65609eaf069622f1129965819079aa09bc9d96dadde5

  • SHA512

    fbaefbce3232481490bce7b859c6c1bafd87ee6d952a2be9bf7c4ed25fe8fc9aff46c2246e247aa05ce8e405831a5905ca366c5333ede0af48f9a6287479a12d

  • SSDEEP

    12288:pfSPtGpmLb84Jjzo6yrBuKuJ+ITOClUd:ktGpmf8edykhVlUd

Score
10/10
amadeyc43c2dtrojan

Malware Config

Extracted

Family

amadey

Version

4.31

Botnet

c43c2d

C2

http://o7labs.top

Attributes
  • install_dir

    28feeece5c

  • install_file

    Hkbsse.exe

  • strings_key

    db4823e211dffb31faf4fc1fd90d3289

  • url_paths

    /online/support/index.php

rc4.plain

Targets

    • Target

      b1d5b1e480a5731caacc65609eaf069622f1129965819079aa09bc9d96dadde5.exe

    • Size

      415KB

    • MD5

      c4aeaafc0507785736e000ff7e823f5e

    • SHA1

      b1acdee835f02856985a822fe99921b097ed1519

    • SHA256

      b1d5b1e480a5731caacc65609eaf069622f1129965819079aa09bc9d96dadde5

    • SHA512

      fbaefbce3232481490bce7b859c6c1bafd87ee6d952a2be9bf7c4ed25fe8fc9aff46c2246e247aa05ce8e405831a5905ca366c5333ede0af48f9a6287479a12d

    • SSDEEP

      12288:pfSPtGpmLb84Jjzo6yrBuKuJ+ITOClUd:ktGpmf8edykhVlUd

    Score
    10/10
    amadeyc43c2dtrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks