Overview

overview

10

Static

static

1

5ec04966ef...7d.exe

windows7-x64

3

5ec04966ef...7d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5ec04966ef8901ac13aa603645b3197d.exe

  • Size

    5.1MB

  • Sample

    241216-r1v34stnaj

  • MD5

    5ec04966ef8901ac13aa603645b3197d

  • SHA1

    e5263e87abb62c10a7224b598ae905858c6000de

  • SHA256

    49e58e5dd3be1cb7249207a329c465ae65fa3099148b4e4e279afd88bc4b1fe0

  • SHA512

    0fb6c5fa4110a2abcc02d1f405b1cd7236778223b2865991baef05eeaf2314d7b57104fbd0bc0a5c263561e144434a654937b4c620c5960f83064fcf279b3d4d

  • SSDEEP

    98304:8L1T/X3Xn/odDFr3urN2mPR1iGV1PxMNmXV7v:+vJrNNJgGV1Px+W9

Score
10/10
amadey9c88c6discoverypersistenceprivilege_escalationtrojan

Malware Config

Extracted

Family

amadey

Version

5.04

Botnet

9c88c6

Attributes
  • install_dir

    c0461fd49a

  • install_file

    Gxtuum.exe

  • strings_key

    1b8c0142f1804d4531696e70270c2eee

  • url_paths

    /pLQvfD4d5/index.php

rc4.plain

Targets

    • Target

      5ec04966ef8901ac13aa603645b3197d.exe

    • Size

      5.1MB

    • MD5

      5ec04966ef8901ac13aa603645b3197d

    • SHA1

      e5263e87abb62c10a7224b598ae905858c6000de

    • SHA256

      49e58e5dd3be1cb7249207a329c465ae65fa3099148b4e4e279afd88bc4b1fe0

    • SHA512

      0fb6c5fa4110a2abcc02d1f405b1cd7236778223b2865991baef05eeaf2314d7b57104fbd0bc0a5c263561e144434a654937b4c620c5960f83064fcf279b3d4d

    • SSDEEP

      98304:8L1T/X3Xn/odDFr3urN2mPR1iGV1PxMNmXV7v:+vJrNNJgGV1Px+W9

    Score
    10/10
    discoveryamadey9c88c6persistenceprivilege_escalationtrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey

    • Drops startup file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks