General

  • Target

    212d75091a4ba214aa7216227728737f957d345570f17d0b49267b84e419a20d

  • Size

    213KB

  • Sample

    241109-y7y7ns1gpm

  • MD5

    f4ada40d3f9276d9b60a36af988125cb

  • SHA1

    c4ad5adcf1ee5964162ffa93683092d5d4521f59

  • SHA256

    212d75091a4ba214aa7216227728737f957d345570f17d0b49267b84e419a20d

  • SHA512

    e68838160133bb449d8a4e244d19f7275df2a02f46ca7041003f20870ce3a72a4f8712c8052be2f0ea8397cd01cee2a7d9c97fd93faa6b66e9dffbbcc80453bf

  • SSDEEP

    3072:meTRJ0kHbnpN23kQKp5XzutZXKGrpeN84LuZAIybiy3xEfbi:FTR2AnpN2wDurXBeBuZAIMEj

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.83

Botnet

6286bc

C2

http://77.91.68.62

Attributes
  • install_dir

    a9e2a16078

  • install_file

    metado.exe

  • strings_key

    222b69c5017792146aee774515f0a748

  • url_paths

    /wings/game/index.php

rc4.plain

Targets

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks