General

  • Target

    1402a0c673ab6c2c1f4293e6cd28e4a5d8042c98cdd53f6b63d9b9dd16517181

  • Size

    424KB

  • Sample

    240810-q44c8asbll

  • MD5

    fb5ac625bfeaf62d095bca6f36cdf10e

  • SHA1

    46b1af6b9954e7fe6536c7176992ca1963fbf8a3

  • SHA256

    1402a0c673ab6c2c1f4293e6cd28e4a5d8042c98cdd53f6b63d9b9dd16517181

  • SHA512

    8c0cb41e28cacb135b05d506402c085ff8a90c9a575e914fe5a16d7ea16d82b1e64d6080ebe6920a2958d495ee5cf65832f847045908264ef0d60200b912c80d

  • SSDEEP

    12288:r9S8Z84PKuzQ6e9UGHpnMXPBDHXLVKSeZT:r9S8Z84Pt+UeQPBD3LVKS

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

0657d1

C2

http://185.215.113.19

Attributes

  • install_dir

    0d8f5eb8a7

  • install_file

    explorti.exe

  • strings_key

    6c55a5f34bb433fbd933a168577b1838

  • url_paths

    /Vi9leo/index.php

  • rc4.plain

Targets

    • Target

      1402a0c673ab6c2c1f4293e6cd28e4a5d8042c98cdd53f6b63d9b9dd16517181

    • Size

      424KB

    • MD5

      fb5ac625bfeaf62d095bca6f36cdf10e

    • SHA1

      46b1af6b9954e7fe6536c7176992ca1963fbf8a3

    • SHA256

      1402a0c673ab6c2c1f4293e6cd28e4a5d8042c98cdd53f6b63d9b9dd16517181

    • SHA512

      8c0cb41e28cacb135b05d506402c085ff8a90c9a575e914fe5a16d7ea16d82b1e64d6080ebe6920a2958d495ee5cf65832f847045908264ef0d60200b912c80d

    • SSDEEP

      12288:r9S8Z84PKuzQ6e9UGHpnMXPBDHXLVKSeZT:r9S8Z84Pt+UeQPBD3LVKS

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks