amadey | 97756a3aba636c16c10852a994291250619678bc677fadbe358487d95309ecaa | Triage

Sharing

General

Target

b2142649.exe
Size

224KB
Sample

250127-m3mgjawncl
MD5

95c08c6bdade25e84a4536396760af3a
SHA1

2135bdd1c6de0e38e5c5814f8aed95d26e7534a3
SHA256

97756a3aba636c16c10852a994291250619678bc677fadbe358487d95309ecaa
SHA512

bef843c0b30a149ba1fb702cd680fb3a4839429b44343124363324153ffa011ea27e512703e16456f3291932911a4d5dab58b76d0446cc502b6666caafe80ca7
SSDEEP

3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+

Score

10^/10

amadey 88c8bb discovery

Malware Config

Extracted

Family

amadey

Version

3.86

Botnet

88c8bb

C2

http://77.91.68.61

Attributes

install_dir
925e7e99c5
install_file
pdates.exe
strings_key
ada76b8b0e1f6892ee93c20ab8946117
url_paths
/rock/index.php

rc4.plain

Targets

- Target
  
  b2142649.exe
- Size
  
  224KB
- MD5
  
  95c08c6bdade25e84a4536396760af3a
- SHA1
  
  2135bdd1c6de0e38e5c5814f8aed95d26e7534a3
- SHA256
  
  97756a3aba636c16c10852a994291250619678bc677fadbe358487d95309ecaa
- SHA512
  
  bef843c0b30a149ba1fb702cd680fb3a4839429b44343124363324153ffa011ea27e512703e16456f3291932911a4d5dab58b76d0446cc502b6666caafe80ca7
- SSDEEP
  
  3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2