General

  • Target

    3807e96ad43d3cf2ab0e6d4abb21cf178287e1add4ea594d5b2e27c71c5d8a62

  • Size

    256KB

  • Sample

    241121-2tsphstkel

  • MD5

    e5c840e85060fa46fb9b4f93e3b53bf5

  • SHA1

    3f9de43f5d905a17aab72ce383af62fb573eea04

  • SHA256

    3807e96ad43d3cf2ab0e6d4abb21cf178287e1add4ea594d5b2e27c71c5d8a62

  • SHA512

    35470ccb36fbaf1191be5b525be5ff1e5fc01ff0b97aa6a90253b50bee6865b940f53138da8ed5ca14a75d9ee02ff42a59c562769593de482a3000cdfdb2be5d

  • SSDEEP

    6144:bZkFRbXfb7wzY1FJRRBx5oUsWW5W8g4/ve7:bZcpXGY1FJRTtsWWj

Malware Config

Extracted

Family

amadey

Version

3.80

Botnet

8c4642

C2

http://193.201.9.240

Attributes

  • install_dir

    cb7ae701b3

  • install_file

    oneetx.exe

  • strings_key

    c7c0f24aa6d8f611f5533809029a4795

  • url_paths

    /live/games/index.php

  • rc4.plain

Targets

    • Target

      3807e96ad43d3cf2ab0e6d4abb21cf178287e1add4ea594d5b2e27c71c5d8a62

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Amadey family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks