Overview

overview

10

Static

static

10

2e3a5dfa44...7e.exe

windows7-x64

10

2e3a5dfa44...7e.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51ff79b406cb223dd49dd4c947ec97b0.bin

  • Size

    206KB

  • Sample

    241223-bllywstlcl

  • MD5

    507fef6f2c7976479c667da3479eb514

  • SHA1

    cab4813e0e5e7cd43c98aa58032372c5481781aa

  • SHA256

    c5ce6422ab4df2f9af17e306f0f895711b9108560f83280768113702de05b1ff

  • SHA512

    8127d68aa9265572ad273e818d38466d5e9cb4240c66d1c253ab61386b3ae4e38be5c241cbe31a60c2a5e39fd80e6bbbe87db46045943e29c51fc95bf4a9ef9c

  • SSDEEP

    3072:UNP6QlQqjBdo8O+3M3GAGHi67L4PyDETu3+4LPavK51GwY2sxVuyY8ybh:xQK4PfOJHyiG4P0zLCvJwGxVu5h

Score
10/10
amadeyd5db2ddiscoverytrojan

Malware Config

Extracted

Family

amadey

Version

5.12

Botnet

d5db2d

C2

http://212.193.31.8

Attributes
  • install_dir

    e458d263c0

  • install_file

    Gxtuum.exe

  • strings_key

    0e18a2a9dd22cd0f87c9fba7075c3b39

  • url_paths

    /3ofn3jf3e2ljk2/index.php

rc4.plain

Targets

    • Target

      2e3a5dfa44d59681a60d78b8b08a1af3878d8e270c02d7e31a0876a85eb42a7e.exe

    • Size

      429KB

    • MD5

      51ff79b406cb223dd49dd4c947ec97b0

    • SHA1

      b9b0253480a1b6cbdd673383320fecae5efb3dce

    • SHA256

      2e3a5dfa44d59681a60d78b8b08a1af3878d8e270c02d7e31a0876a85eb42a7e

    • SHA512

      c2b8d15b0dc1b0846f39ce007be2deb41d5b6ae76af90d618f29da8691ed987c42f3c270f0ea7f4d10cbd2d3877118f4133803c9c965b6ff236ff8cfafd9367c

    • SSDEEP

      12288:v4RG6lx/9Njr18QlSfJy4FjMSkJCzDLGDWD:O9NtSTZMzmmD4

    Score
    10/10
    amadeyd5db2ddiscoverytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks