Overview

overview

10

Static

static

1

ab733235a7...f1.ps1

windows7-x64

3

ab733235a7...f1.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab733235a722c734fb8f19160825cef1.ps1

  • Size

    681KB

  • Sample

    250108-jh321azqbs

  • MD5

    ab733235a722c734fb8f19160825cef1

  • SHA1

    162b73031c52d7356337479488d60c333f404fdd

  • SHA256

    32e6d8538c6b1d47942918cef259a80e70f06feb0145d6e41d44ec5917435391

  • SHA512

    64a26e92c00a7a61acf71fdf819874ef6ce976117ddcaa0bea5ea3d57e2c631ff5569fdea081c6a39c73aa3ae40b0c08a049d7233c2a7e94232543cb1c4e67f6

  • SSDEEP

    12288:yfytehPmbJEW2WkiUHJcWzMkVjkMAkZZ7wyzDFBagP:5yWKV5jkUZUyzSgP

Score
10/10
amadey26467ediscoveryexecutiontrojan

Malware Config

Extracted

Family

amadey

Version

5.10

Botnet

26467e

C2

http://176.113.115.131

Attributes
  • install_dir

    adf0485ca6

  • install_file

    Gxtuum.exe

  • strings_key

    a60c430246a6b5eabfeff991901daa75

  • url_paths

    /8Fvu5jh4DbS/index.php

rc4.plain

Targets

    • Target

      ab733235a722c734fb8f19160825cef1.ps1

    • Size

      681KB

    • MD5

      ab733235a722c734fb8f19160825cef1

    • SHA1

      162b73031c52d7356337479488d60c333f404fdd

    • SHA256

      32e6d8538c6b1d47942918cef259a80e70f06feb0145d6e41d44ec5917435391

    • SHA512

      64a26e92c00a7a61acf71fdf819874ef6ce976117ddcaa0bea5ea3d57e2c631ff5569fdea081c6a39c73aa3ae40b0c08a049d7233c2a7e94232543cb1c4e67f6

    • SSDEEP

      12288:yfytehPmbJEW2WkiUHJcWzMkVjkMAkZZ7wyzDFBagP:5yWKV5jkUZUyzSgP

    Score
    10/10
    executionamadey26467ediscoverytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks