Overview

overview

10

Static

static

10

4852-34-0x...ry.exe

windows7-x64

10

4852-34-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4852-34-0x0000000000F20000-0x00000000013E8000-memory.dmp

  • Size

    4.8MB

  • Sample

    241127-p35zzs1jbl

  • MD5

    ac1462b6d29305d3d7bf592606b5c5a2

  • SHA1

    94fa73e1aba9589cd32868044fa9bbe8298f31eb

  • SHA256

    efd0fd629d909a5cc6f08ac4dc321cc9a4e7769d6f422db239391bcb22d2b045

  • SHA512

    5ee6c9605787bf020676c019a3c86534cfcb34672b6d55a4c4aa6a1838017ebf49f7d05bcc8025db47e7f2ef8363864cfe36ab5fdd4c2eccfb7bd86fc9ecd679

  • SSDEEP

    98304:D8i1Rxn3bE6IALGZjlcMrTeb/+X37HKrAUhBuAHx2ED2u3IgK7EU0B:DlVIg/+2rAUam2iPW7A

Score
10/10
amadey9c9aa5trojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Targets

    • Target

      4852-34-0x0000000000F20000-0x00000000013E8000-memory.dmp

    • Size

      4.8MB

    • MD5

      ac1462b6d29305d3d7bf592606b5c5a2

    • SHA1

      94fa73e1aba9589cd32868044fa9bbe8298f31eb

    • SHA256

      efd0fd629d909a5cc6f08ac4dc321cc9a4e7769d6f422db239391bcb22d2b045

    • SHA512

      5ee6c9605787bf020676c019a3c86534cfcb34672b6d55a4c4aa6a1838017ebf49f7d05bcc8025db47e7f2ef8363864cfe36ab5fdd4c2eccfb7bd86fc9ecd679

    • SSDEEP

      98304:D8i1Rxn3bE6IALGZjlcMrTeb/+X37HKrAUhBuAHx2ED2u3IgK7EU0B:DlVIg/+2rAUam2iPW7A

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks