General

  • Target: d65d87ab0447ebd71d228e52749c97bb1e732b8a2f4c31537b08bff29fc27768.ps1
  • Size: 657KB
  • Sample: 250109-dmebjsyjgk
  • MD5: 23651958582a81e31bc320af26c67bc4
  • SHA1: 59e419657487ea25c9b595a588e9dda925df7093
  • SHA256: d65d87ab0447ebd71d228e52749c97bb1e732b8a2f4c31537b08bff29fc27768
  • SHA512: d577031683c9bf5ea1ed936e28ca675008a55b9d3c0aee9f1f0697b96a8e5e66b06d2e5380fa4dc6a331c15fe2a863f93e9fcf3fa580b5fe6cbeebc09206b04a
  • SSDEEP: 12288:RY2Hsquh5a/bhCgWqiWHIcWzMkVjkMAkxZ7wyz3Zm2+:GYsqWHV5jkMZUyzE2+

Malware Config

Extracted

  • Family: amadey
  • Version: 5.10
  • Botnet: 03013e
  • C2: http://185.11.61.104

Attributes

  • install_dir: 0d7d65a8fb
  • install_file: Gxtuum.exe
  • strings_key: 6a02c43bc60cba83349fcb51d95a69ff
  • url_paths: /7jbBdsS/index.php

rc4.plain

Targets

    • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
    • Amadey family
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks