General

  • Target

    JaffaCakes118_ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319

  • Size

    331KB

  • Sample

    241224-a4n1jawrax

  • MD5

    6042c40a57c02d426c2e2acd9f2bc0b2

  • SHA1

    65c1ba0bab5936f8a55d7735918459aa489f9200

  • SHA256

    ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319

  • SHA512

    9a2457255d1b0ae2e5bb291cb7b8f9e1358306a55326ef714d32c979819d4da5ca0f937e45a9f1c19b82446f74a701193d05be3e641a092c3309963972ee9aa7

  • SSDEEP

    6144:C6+jqQ2oya8Kt17AtPJnFOLNBYUMdQ04PNvRy6ImJJWwd:CbX9p8i17ANbOLAUy6VvRyGJEwd

Malware Config

Extracted

Family

amadey

Version

3.10

Botnet

d8b51d

C2

http://193.106.191.218

Attributes
  • install_dir

    98d3052e12

  • install_file

    orxds.exe

  • strings_key

    cb1d9c802af40fc7b0f3697a01a3365a

  • url_paths

    /8bed3CS/index.php

  • rc4.plain
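The extracted config above is directly usable for hunting: the C2 host joined with each url_path gives the beacon endpoint, and install_dir plus install_file gives the on-disk name of the dropped copy. The following is an added example (not part of the sandbox report and not Amadey code) that turns those fields into proxy-log and file-event checks. The config values are copied from this report; the log lines, the file paths and the log line format are constructed for illustration, and the parent directory of install_dir is not stated in the report, so the path check only matches the final two components.

```python
"""Hunting checks built from the Amadey config in this report.

Added example, not part of the sandbox report or of the Amadey family.
Config values are copied from the report; all log lines, event paths and
the "ts src method url status" log format are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Values as extracted in the Malware Config section of this report.
AMADEY_CONFIG = {
    "c2": "http://193.106.191.218",
    "url_paths": ["/8bed3CS/index.php"],
    "install_dir": "98d3052e12",
    "install_file": "orxds.exe",
}


def c2_urls(cfg):
    """Full beacon endpoints: C2 host joined with every url_path."""
    return [cfg["c2"].rstrip("/") + path for path in cfg["url_paths"]]


def install_path_pattern(cfg):
    """Regex for the dropped binary <install_dir>\\<install_file>.

    The parent directory is not given in the report (assumption: match any
    parent), so only the last two path components are anchored, case-insensitively.
    """
    tail = r"\\" + re.escape(cfg["install_dir"]) + r"\\" + re.escape(cfg["install_file"]) + r"$"
    return re.compile(tail, re.IGNORECASE)


def _normalise(url):
    """Reduce a URL to scheme://host/path so ports and query strings do not hide a hit."""
    u = urlparse(url)
    return f"{u.scheme}://{u.hostname}{u.path}"


def match_proxy_logs(cfg, lines):
    """Return (line_number, url) for each constructed log line that hits a C2 endpoint."""
    wanted = {_normalise(u) for u in c2_urls(cfg)}
    hits = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the sweep
        url = fields[3]
        if _normalise(url) in wanted:
            hits.append((number, url))
    return hits


def match_file_events(cfg, paths):
    """Return every path that ends in <install_dir>\\<install_file>."""
    pattern = install_path_pattern(cfg)
    return [p for p in paths if pattern.search(p)]


# Constructed sample proxy log: lines 1 and 3 are beacons (line 3 adds a port and a query string).
SAMPLE_PROXY_LOG = [
    "2024-12-24T00:41:12Z 10.0.0.15 POST http://193.106.191.218/8bed3CS/index.php 200",
    "2024-12-24T00:41:13Z 10.0.0.15 GET http://example.invalid/index.php 200",
    "2024-12-24T00:41:20Z 10.0.0.22 POST http://193.106.191.218:80/8bed3CS/index.php?x=1 200",
    "2024-12-24T00:41:25Z 10.0.0.9 GET http://193.106.191.218/other/path 404",
]

# Constructed sample file-create events: the first and third are the dropped binary.
SAMPLE_FILE_EVENTS = [
    r"C:\Users\alice\AppData\Local\Temp\98d3052e12\orxds.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\bob\AppData\Local\Temp\98d3052e12\ORXDS.EXE",
    r"C:\Temp\orxds.exe",
]

if __name__ == "__main__":
    print("C2 endpoints:", c2_urls(AMADEY_CONFIG))
    print("Proxy hits:", match_proxy_logs(AMADEY_CONFIG, SAMPLE_PROXY_LOG))
    print("File hits:", match_file_events(AMADEY_CONFIG, SAMPLE_FILE_EVENTS))
```

Matching on scheme, host and path rather than the raw URL string is deliberate: a proxy that logs the port, or a beacon carrying a query string, would otherwise slip past an exact-string IOC. The file check is case-insensitive because NTFS is.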

Targets

    • Target

      JaffaCakes118_ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319

    • Size

      331KB

    • MD5

      6042c40a57c02d426c2e2acd9f2bc0b2

    • SHA1

      65c1ba0bab5936f8a55d7735918459aa489f9200

    • SHA256

      ce8cce13753044619862690903a78366a5bae75d6d28dd1d72ce4195ed69d319

    • SHA512

      9a2457255d1b0ae2e5bb291cb7b8f9e1358306a55326ef714d32c979819d4da5ca0f937e45a9f1c19b82446f74a701193d05be3e641a092c3309963972ee9aa7

    • SSDEEP

      6144:C6+jqQ2oya8Kt17AtPJnFOLNBYUMdQ04PNvRy6ImJJWwd:CbX9p8i17ANbOLAUy6VvRyGJEwd

    • Amadey

      Amadey is a simple trojan bot, primarily used to collect reconnaissance information about the infected host and report it to its C2.

    • Amadey family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks