General

  • Target

    4d8fbc7578dca954407746a1d73e3232cd8db79dccd57acbeef80da369069a91.exe

  • Size

    734KB

  • Sample

    241104-csrndstmdp

  • MD5

    98e538d63ec5a23a3acc374236ae20b6

  • SHA1

    f3fec38f80199e346cac912bf8b65249988a2a7e

  • SHA256

    4d8fbc7578dca954407746a1d73e3232cd8db79dccd57acbeef80da369069a91

  • SHA512

    951a750998448cd3653153bdf24705101136305ff4744ee2092952d773121817fa36347cb797586c58d0f3efc9cfa40ae6d9ce6ea5d2e8ec41acf8d9a03b0827

  • SSDEEP

    12288:ASwzmSKCxU4HrGAvdu8Ree0brAlMAgsgKpBxkLrVZ5Rc:pwzmSKC3HrDdu8k/bcaAgvuxqrV1

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

7c4393

C2

http://185.215.113.217

Attributes
  • install_dir

    f9c76c1660

  • install_file

    corept.exe

  • strings_key

    9808a67f01d2f0720518035acbde7521

  • url_paths

    /CoreOPT/index.php

rc4.plain
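The strings_key above is the key the config extractor recovered for the sample's string obfuscation. The following is an added example, not code from the sandbox report or from the malware: it implements RC4 keyed with the ASCII bytes of that strings_key and decrypts hex-encoded blobs with it. That Amadey's embedded strings are hex-encoded RC4 ciphertext under this key is an assumption here (the report lists the key and an "rc4.plain" field but does not show the scheme), and the ciphertexts the block decrypts are constructed inside it by encrypting the config values the report already shows, so it runs offline; swap in hex blobs carved from a real sample to use it for triage.

```python
"""RC4 string decryption keyed with the strings_key from the extracted config.

Added example, not part of the sandbox report or the malware's own code.
Assumption: Amadey stores its internal strings as hex-encoded RC4 ciphertext
keyed with the ASCII bytes of strings_key. The ciphertexts below are
CONSTRUCTED here by encrypting known plaintexts with that key, so the block
runs offline; replace them with hex blobs pulled from a real sample.
"""
from __future__ import annotations

STRINGS_KEY = b"9808a67f01d2f0720518035acbde7521"  # strings_key from the report


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same operation."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation, XOR keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_hex_string(hex_blob: str, key: bytes = STRINGS_KEY) -> str:
    """Decode a hex-encoded RC4 blob and decrypt it with the strings key."""
    hex_blob = hex_blob.strip()
    if len(hex_blob) % 2 or not all(c in "0123456789abcdefABCDEF" for c in hex_blob):
        raise ValueError(f"not a hex string: {hex_blob!r}")
    plain = rc4(key, bytes.fromhex(hex_blob))
    # Config strings are ASCII; keep a lossless rendering if a blob is not.
    return plain.decode("ascii", errors="backslashreplace")


def encrypt_to_hex(plaintext: str, key: bytes = STRINGS_KEY) -> str:
    """Helper used only to CONSTRUCT sample ciphertexts for this example."""
    return rc4(key, plaintext.encode("ascii")).hex()


# Constructed sample blobs: the config values the report shows, encrypted
# under strings_key, so that decryption visibly reproduces them.
SAMPLE_BLOBS = {name: encrypt_to_hex(value) for name, value in (
    ("install_dir", "f9c76c1660"),
    ("install_file", "corept.exe"),
    ("url_path", "/CoreOPT/index.php"),
)}


def decrypt_all(blobs: dict[str, str], key: bytes = STRINGS_KEY) -> dict[str, str]:
    """Decrypt every blob in a name -> hex mapping."""
    return {name: decrypt_hex_string(blob, key) for name, blob in blobs.items()}


if __name__ == "__main__":
    for name, value in decrypt_all(SAMPLE_BLOBS).items():
        print(f"{name:13s} {SAMPLE_BLOBS[name]}  ->  {value}")
```

A wrong key does not raise in RC4; it yields garbage bytes, so when applying this to a real sample check that the output decodes as printable ASCII before trusting it.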

Targets

    • Target

      4d8fbc7578dca954407746a1d73e3232cd8db79dccd57acbeef80da369069a91.exe

    • Size

      734KB

    • MD5

      98e538d63ec5a23a3acc374236ae20b6

    • SHA1

      f3fec38f80199e346cac912bf8b65249988a2a7e

    • SHA256

      4d8fbc7578dca954407746a1d73e3232cd8db79dccd57acbeef80da369069a91

    • SHA512

      951a750998448cd3653153bdf24705101136305ff4744ee2092952d773121817fa36347cb797586c58d0f3efc9cfa40ae6d9ce6ea5d2e8ec41acf8d9a03b0827

    • SSDEEP

      12288:ASwzmSKCxU4HrGAvdu8Ree0brAlMAgsgKpBxkLrVZ5Rc:pwzmSKC3HrDdu8k/bcaAgvuxqrV1

    • Amadey

      Amadey is a lightweight trojan bot and loader: it collects basic host reconnaissance, reports it to its C2 and fetches further payloads.

    • Amadey family

    • Drops startup file

    • Suspicious use of SetThreadContext
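The config and signatures above give three hunting handles: the C2 host plus its configured url_path, the install_dir/install_file pair the bot drops, and the sample hashes. The following is an added example, not part of the sandbox report, that turns those indicators into checks over proxy logs, file paths and a hash list. The log lines, paths and hashes it scans are constructed inside the block so it runs offline. It assumes Amadey places install_file under %TEMP%\<install_dir>\ (a common Amadey layout that this report does not state); only the "<install_dir>\<install_file>" tail is matched, so the check does not depend on that assumption.

```python
"""Hunt for this Amadey sample using the indicators in the report.

Added example, not part of the sandbox report. The indicators are copied
from the extracted config and hashes above; the log lines, file paths and
hash list scanned below are CONSTRUCTED so the block runs offline.
Assumption: Amadey writes install_file under %TEMP%\\<install_dir>\\ (common
Amadey layout, not stated by this report); only the relative
"install_dir\\install_file" tail is matched, so the check does not rely on it.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# --- indicators copied from the report -------------------------------------
C2_HOST = "185.215.113.217"
URL_PATHS = ("/CoreOPT/index.php",)
INSTALL_DIR = "f9c76c1660"
INSTALL_FILE = "corept.exe"
SAMPLE_HASHES = {
    "98e538d63ec5a23a3acc374236ae20b6",                                  # MD5
    "f3fec38f80199e346cac912bf8b65249988a2a7e",                          # SHA1
    "4d8fbc7578dca954407746a1d73e3232cd8db79dccd57acbeef80da369069a91",  # SHA256
}


def c2_urls() -> list[str]:
    """Full check-in URLs: the C2 base joined with each configured url_path."""
    return [f"http://{C2_HOST}{p}" for p in URL_PATHS]


# Squid-style access log: "<ts> <elapsed> <client> <status> <bytes> <method> <url> ..."
_LOG_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)


def match_proxy_log(lines) -> list[dict]:
    """Hits where a client contacted the C2 host; known_path marks the configured url_path."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["url"])
        if parts.hostname != C2_HOST:
            continue
        hits.append({
            "client": m["client"],
            "method": m["method"],
            "url": m["url"],
            # Other paths on the same host still matter: follow-on payloads are
            # fetched from the C2 too, so the host match alone is the alert.
            "known_path": parts.path in URL_PATHS,
        })
    return hits


def match_install_paths(paths) -> list[str]:
    """Paths ending in <install_dir>\\<install_file> (case-insensitive, either slash)."""
    tail = re.compile(re.escape(INSTALL_DIR) + r"[\\/]" + re.escape(INSTALL_FILE) + r"$", re.I)
    return [p for p in paths if tail.search(p)]


def match_hashes(hashes) -> set[str]:
    """Hashes (any case, any of MD5/SHA1/SHA256) that identify this sample."""
    return {h.strip().lower() for h in hashes} & SAMPLE_HASHES


# --- constructed test data (not from the report) ---------------------------
PROXY_LOG = [
    "1730700001.123 45 10.0.0.15 TCP_MISS/200 512 POST http://185.215.113.217/CoreOPT/index.php - HIER_DIRECT/185.215.113.217 text/html",
    "1730700002.456 12 10.0.0.15 TCP_MISS/200 9000 GET http://185.215.113.217/CoreOPT/payload.bin - HIER_DIRECT/185.215.113.217 application/octet-stream",
    "1730700003.789 30 10.0.0.22 TCP_MISS/200 2048 GET http://example.com/index.php - HIER_DIRECT/93.184.216.34 text/html",
]
FILE_PATHS = [
    r"C:\Users\Admin\AppData\Local\Temp\f9c76c1660\corept.exe",
    r"C:\Users\Admin\AppData\Local\Temp\f9c76c1660\corept.exe.log",
    r"C:\Windows\System32\notepad.exe",
]
HASH_LIST = [
    "4D8FBC7578DCA954407746A1D73E3232CD8DB79DCCD57ACBEEF80DA369069A91",
    "deadbeefdeadbeefdeadbeefdeadbeef",
]


if __name__ == "__main__":
    print("C2 URLs:", c2_urls())
    for hit in match_proxy_log(PROXY_LOG):
        print("proxy hit:", hit)
    print("install paths:", match_install_paths(FILE_PATHS))
    print("hash hits:", match_hashes(HASH_LIST))
```

The proxy check alerts on the C2 host regardless of path and only annotates whether the request used the configured url_path; the bare IP is the stable indicator, while paths and file names are per-build configuration and change across samples of the same botnet.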

MITRE ATT&CK Enterprise v15

Tasks