General

  • Target

    JaffaCakes118_cb5b534f0189a845cb43ea11408e4390f3b036d447c3ceedd337c2c88af0cc4c

  • Size

    666.4MB

  • Sample

    241225-sa9dgswlcr

  • MD5

    17ad61a9214cd9e9e45b384f60e72080

  • SHA1

    b71c00ef2cd78c49290794757ea4c55dfbfe876d

  • SHA256

    cb5b534f0189a845cb43ea11408e4390f3b036d447c3ceedd337c2c88af0cc4c

  • SHA512

    5463ab150cb38e0a10a4817adc56ebbcee44da598083d6cb1f1fc46b4448ba5b5c941318c0edd20be97108ac528c93bc97024622cb471d4cd3567fdd824af1ab

  • SSDEEP

    393216:05JZmjg+j9etHB77rUdzJauPPEj8SqEHZp+4/HSfmxhpKtMagDQ79Vh9XzqhTJe:QmvpX

Malware Config

Extracted

  • Family

    amadey

  • Version

    3.80

  • Botnet

    563433

  • C2

    http://31.41.244.146

Attributes

  • install_dir

    23e20ad4db

  • install_file

    oneetx.exe

  • strings_key

    3d2ec53af224847a59d1d611532d52aa

  • url_paths

    /u83mfdS2/index.php

  • rc4.plain

Targets

    • Target

      Spotify Premium/Setup.exe

    • Size

      630.2MB

    • MD5

      32a4d0a4ab16a702c4a00b41a6d1377e

    • SHA1

      cf9935a37c5477fdd991f50078d0fbe0da51f8df

    • SHA256

      6f895cd89dafd39df80e6cc7660f229e775c962ff249f56c9693ac16821cb9cf

    • SHA512

      c6a327e8d33fbcabba45fe3a10572d5632b3addc094010f39a709cdb3367004b659f05954988c8ee6c87196790f84a77be1c4813bd2ce8174cdd74f9a4d36ebf

    • SSDEEP

      6144:TfbOrBANQk+LQ9JfIzgPO6gsURuloFxdPQ:MO//AzgmuqO

    • Amadey

      Amadey is a simple trojan bot primarily used for collecting reconnaissance information.

    • Amadey family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks