General

  • Target

    a7d359a9654ff1ec52a55fd1b675eeea3e6f319fb0a962d2a10239439f174be8N

  • Size

    657KB

  • Sample

    241104-jdj4bswqdw

  • MD5

    17a6b28716d0e3d2fe8f3bd647af2790

  • SHA1

    906509b00f0b9127fe3a3e0bcf7281c06911c23c

  • SHA256

    a7d359a9654ff1ec52a55fd1b675eeea3e6f319fb0a962d2a10239439f174be8

  • SHA512

    abe4bc542eb7103203c4e3970b6d1d753b473b760fff4c041d583e97ceb485f790987b7385360f529da225cc44cc17750668b90a6edc8847443b33598a8c54e2

  • SSDEEP

    12288:UYXwJXw27+JL7JSUHz22Ebq/ZvqEleJ70hv6X/IZ1:UYXwNGJf3xUF0hv4/Y1

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

7c4393

C2

http://185.215.113.217

Attributes

  • install_dir

    f9c76c1660

  • install_file

    corept.exe

  • strings_key

    9808a67f01d2f0720518035acbde7521

  • url_paths

    /CoreOPT/index.php

rc4.plain

Targets

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Amadey family

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks