General

  • Target

    1628-2-0x0000000000D70000-0x000000000123A000-memory.dmp

  • Size

    4.8MB

  • Sample

    240926-exdnfazfka

  • MD5

    a856c692d534eae4eee2315f344e8746

  • SHA1

    224d3b8dc6e2a6ceab6d2224c1a88fb186e7b075

  • SHA256

    3196ff6f7bbae1a4a265c970d54a8d54b50e1987274987980f5c80c2ea340831

  • SHA512

    2fb419d4c11d0d45e40e0d594667be4c0839c6160c6ab9a787fe0b99819b30f23597713f74396262176eaaae962c9b1dfc13d0fa6d99ed2282043d4b501b7629

  • SSDEEP

    98304:ccQ9AtdfXlgEo1bYjAn9WV9gPSK2k/kJu8lx678VfKwKLC9:c0EMgUkwBlxnZKwKm9

Score
10/10

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Targets

    • Target

      1628-2-0x0000000000D70000-0x000000000123A000-memory.dmp

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
