Resubmissions

28-07-2024 23:58

240728-31d1dawgmf 10

General

  • Target

    Amadey.zip

  • Size

    5.8MB

  • Sample

    240728-31d1dawgmf

  • MD5

    a1e1cc058b7ab391590a2082f99c9b31

  • SHA1

    921b7a0a22c9cf03d49625f545ba19ce49b98055

  • SHA256

    99ae4438723ada9b97e0ae8de731501facdb6698c87a19f96e1b901fa5c81e50

  • SHA512

    752a8b70d6e0c2ed07b009cd5e9f51c76239cb5c46ea97253ff32449831647982ea396a8f893128d490ef7939f8d23d25cf6b21b83fb36f815d43a029e795382

  • SSDEEP

    98304:xrsJKB2ixFuGs2cmZlI9hoLHHvuG/T9mj05pNq6i1AhxBBGTj1tK7W5RyMee:xrOKPT9c06homsT4o5Tq6QT52aye

Targets

    • Target

      42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3.exe

    • Size

      7.2MB

    • MD5

      3c76e12084f57410323212b79c24a4ad

    • SHA1

      c2663a2189440deae7a3826109bceacaea3a99d9

    • SHA256

      42e369c8a08e42bb7ca81f3b4598b1352766fd602c32adc21cd5f1afab85f7f3

    • SHA512

      e0cfc3ac8407426902e08851db8fa3e75142de3d927ed091e12c4603a896c581a182b9069d04ce4032f974064e66db9a68a83d48ed1982934f6203a7b08964dd

    • SSDEEP

      98304:LH7CgqLPRPYv7cZuwYx72XPo0+XH6zVLexfY+/1P6w0UYv6M0kMfRG1DOUYeixTA:b+gqLKB2pUca6+NP6yYbUGbYemTENFZ3

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
