General

  • Target

    a0856b1ffb19fe56f60fc1e4148ce467d863953aeee45b99ed5c8f04b4d8fb63N

  • Size

    204KB

  • Sample

    241109-15qtmasndt

  • MD5

    4a4d7f501609e47db056fd65ea012280

  • SHA1

    f8a0a980d355a5084392e00a76b2c2cab1cfb374

  • SHA256

    a0856b1ffb19fe56f60fc1e4148ce467d863953aeee45b99ed5c8f04b4d8fb63

  • SHA512

    81f442243b929af515c7173bfafadad26fe30985808acab3b64f0fb57f944fc22ca3bdc6a541c90568dad888e3dcd762eb9a7428b84d14c191d226beab1123b9

  • SSDEEP

    3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.81

Botnet

f9a925

C2

http://77.91.124.20

Attributes
  • install_dir

    c3912af058

  • install_file

    oneetx.exe

  • strings_key

    0504ce46646b0dc397a3c30d6692ec75

  • url_paths

    /store/games/index.php

rc4.plain

Targets

    • Target

      a0856b1ffb19fe56f60fc1e4148ce467d863953aeee45b99ed5c8f04b4d8fb63N

    • Size

      204KB

    • MD5

      4a4d7f501609e47db056fd65ea012280

    • SHA1

      f8a0a980d355a5084392e00a76b2c2cab1cfb374

    • SHA256

      a0856b1ffb19fe56f60fc1e4148ce467d863953aeee45b99ed5c8f04b4d8fb63

    • SHA512

      81f442243b929af515c7173bfafadad26fe30985808acab3b64f0fb57f944fc22ca3bdc6a541c90568dad888e3dcd762eb9a7428b84d14c191d226beab1123b9

    • SSDEEP

      3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks