General

  • Target

    2472-363-0x0000000000D30000-0x00000000011D9000-memory.dmp

  • Size

    4.7MB

  • Sample

    240924-rcyt4axgrj

  • MD5

    643225c69e2147d64843745aeda3c24b

  • SHA1

    5dee1ec80bb7152ce1107abb5afc243111b3b1de

  • SHA256

    7b95af23dd684973f6aa0a259bd3126124b4390215fc7ee2d6e61ed7271e59aa

  • SHA512

    a4bdda5969825ba195915b05bdebebefd6f6089d3a69a3340f97a025c8c81b0305a335922f6dfba6d1dfd1c65262c5dfacce03eb5d0d294edea740d77ccff0bd

  • SSDEEP

    98304:lIRHHkwGbkw81Vdg7Q8AX6aNQAPlYhv6/HiWinMx3:lu3QANYhCHfiMx3

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Targets

    • Target

      2472-363-0x0000000000D30000-0x00000000011D9000-memory.dmp

    Score
    10/10
    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
