General

  • Target

    3a9fa9573f950af645066f329f6fa9de2ceb29ea932edcd8a19330969bed2954

  • Size

    206KB

  • Sample

    241109-z7swbssfkn

  • MD5

    3ccd58ebee3d10d84362b2b92d536129

  • SHA1

    d470c7ccba0418c0eb931afe288d63ef1b49006c

  • SHA256

    3a9fa9573f950af645066f329f6fa9de2ceb29ea932edcd8a19330969bed2954

  • SHA512

    6f77981baded0b230529dac719d28657b061ccd97df5cab094af1a91879783f3d589a2def3fbd92f3bdbcb0eb4f441fd6819f7c929ab9c0291d641689bba4955

  • SSDEEP

    3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk

Score
10/10

Malware Config

Extracted

Family

amadey

Version

3.80

Botnet

9c0adb

C2

http://193.3.19.154

Attributes
  • install_dir

    cb7ae701b3

  • install_file

    oneetx.exe

  • strings_key

    23b27c80db2465a8e1dc15491b69b82f

  • url_paths

    /store/games/index.php

rc4.plain

Targets

    • Target

      3a9fa9573f950af645066f329f6fa9de2ceb29ea932edcd8a19330969bed2954

    • Size

      206KB

    • MD5

      3ccd58ebee3d10d84362b2b92d536129

    • SHA1

      d470c7ccba0418c0eb931afe288d63ef1b49006c

    • SHA256

      3a9fa9573f950af645066f329f6fa9de2ceb29ea932edcd8a19330969bed2954

    • SHA512

      6f77981baded0b230529dac719d28657b061ccd97df5cab094af1a91879783f3d589a2def3fbd92f3bdbcb0eb4f441fd6819f7c929ab9c0291d641689bba4955

    • SSDEEP

      3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks