General

  • Target

    afed1f25a3f2726648ef9ea82d0970c2d859b5d375b8bca6baeb132f50357e25

  • Size

    424KB

  • Sample

    240810-p4bgrsvakh

  • MD5

    73d8a08507008fc78a51e7a416e6e877

  • SHA1

    b36893795650d88e2feb73c5cc358cc0dfcfe51d

  • SHA256

    afed1f25a3f2726648ef9ea82d0970c2d859b5d375b8bca6baeb132f50357e25

  • SHA512

    3c6eec1bb735a82665c8697f91334b5faa2081b279d12e40923412d809154ba57054d5f0d0393deca1c4a6964f5a6c5a44de10cc2ad966d20cecd2cc5238a5d3

  • SSDEEP

    6144:1GDAnXpWqtj5iHgkFHdTuZXjW9+Y6YIfqOD4wBK2IOczkvxsHcP/whQHxgHU:1c6IAkVhuZzqgNBKScIvUcXwme0

Malware Config

Extracted

  • Family

    amadey

  • Version

    4.41

  • Botnet

    0657d1

  • C2

    http://185.215.113.19

Attributes

  • install_dir

    0d8f5eb8a7

  • install_file

    explorti.exe

  • strings_key

    6c55a5f34bb433fbd933a168577b1838

  • url_paths

    /Vi9leo/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks