Overview

overview

10

Static

static

10

2756-3-0x0...ry.exe

windows7-x64

1

2756-3-0x0...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2756-3-0x0000000000A70000-0x0000000000F18000-memory.dmp

  • Size

    4.7MB

  • Sample

    241226-wwp4hstngy

  • MD5

    a324b533fe0bb8c61b3d39683cbd7ba0

  • SHA1

    97e6c56a576353e52cf408a86bc09e24d8b6ff3d

  • SHA256

    3199acf427f299c58d1bf4387303af0a4818dfec773d19e923f86a4c17362b44

  • SHA512

    e39faa0a7f0e1d7448c44f6f7e0ee4a1e6d55319af5b592ebada848e38749d43d304a3b0cb1c6b9e7e39126887758e6f687d1dd1c3142f930728089ff79147df

  • SSDEEP

    98304:QCMOQZGOZJsJs7KFE54JwksvOvmUWJQS6lFRykx0ia5OE+t:Q154J+vO+U4QSkRykrvE+t

Score
10/10
amadeyfed3aatrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Targets

    • Target

      2756-3-0x0000000000A70000-0x0000000000F18000-memory.dmp

    • Size

      4.7MB

    • MD5

      a324b533fe0bb8c61b3d39683cbd7ba0

    • SHA1

      97e6c56a576353e52cf408a86bc09e24d8b6ff3d

    • SHA256

      3199acf427f299c58d1bf4387303af0a4818dfec773d19e923f86a4c17362b44

    • SHA512

      e39faa0a7f0e1d7448c44f6f7e0ee4a1e6d55319af5b592ebada848e38749d43d304a3b0cb1c6b9e7e39126887758e6f687d1dd1c3142f930728089ff79147df

    • SSDEEP

      98304:QCMOQZGOZJsJs7KFE54JwksvOvmUWJQS6lFRykx0ia5OE+t:Q154J+vO+U4QSkRykrvE+t

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks