amadey | 97ec855a73ef9fc27b5b804dd0e5e882741c3dcfe316d3ecb6eb582aea38ed8e | Triage

Resubmissions

10-07-2024 12:57

240710-p6wwgsygrq 10

25-06-2024 02:41

240625-c6rwbawglf 10

Sharing

General

Target

e62848b3576538fa77777032c232436b.bin
Size

209KB
Sample

240625-c6rwbawglf
MD5

1c3dbcb38a63d8511aef48f4339be37b
SHA1

3bf497745ac54f3915af0c8da18f12e16c023ee8
SHA256

97ec855a73ef9fc27b5b804dd0e5e882741c3dcfe316d3ecb6eb582aea38ed8e
SHA512

d32870778e4b078fee59ec9ad3b3258758eb0d4abab26783af3996e8c6b7b461c053240a57266ee402a8f609cb6e7c543ba73edff55e94e3a299899a736b2209
SSDEEP

6144:6v6rcjOqe4gYw5ROlrhBNA3eFFlXlfjGTfPpCZ:6yrcj1exYw5A88Ftlf6TA

Score

10^/10

amadey ffb1b9 execution

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

ffb1b9

C2

http://proresupdate.com

Attributes

install_dir
4bbb72a446
install_file
Hkbsse.exe
strings_key
1ebbd218121948a356341fff55521237
url_paths
/h9fmdW5/index.php

rc4.plain

Targets

- Target
  
  6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90.exe
- Size
  
  421KB
- MD5
  
  e62848b3576538fa77777032c232436b
- SHA1
  
  0049ca2473da98bc37394d5bb4c05852356c8bcb
- SHA256
  
  6cdb5689c39841cb71537410e90fcd6db86ef27dff8cf9eac5ac8122997f5b90
- SHA512
  
  ded4ab36f0401e7330de3e0347328ff1218338388268e45f0f79e23d8c95ba22b6f1454e2f908952acee023d1e5087b47f0cc38e23e151e7130e385951043822
- SSDEEP
  
  12288:sXLuBglhv+vNO6bVeKGA/Py3B1KuJ+NiKYU/d7tnUv:OLKgHv+vNOSV/vyrnKtF5Uv
Score

8^/10

execution
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2