General

  • Target

    random.exe

  • Size

    1.8MB

  • Sample

    250129-sz2d6s1qaz

  • MD5

    5ca52c28f9a0abc59444e3c7961a078b

  • SHA1

    6bb38c8739995ac55283468843b5fa114f8dcdac

  • SHA256

    a40c3d89a4ee72601da3b5d6a2428e1f2a181176da82eef3e3e20a92e7086f99

  • SHA512

    c7595db3beff48e4ca8960467b4ff44572aac8ec067addbb8f17a6dd951aa59731c9b6f3f688f1f134e610a03ef8601198a3e19d317f2ebe53849a8561cbb8e6

  • SSDEEP

    49152:DshJeO3bi+ZXKnqDXrc52WTUlbJkyVwih+PjUsh:DshJL3jcnOXrG2lltWihCUs

Malware Config

Extracted

  • Family

    amadey

  • Version

    4.42

  • Botnet

    9c9aa5

  • C2

    http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

  • rc4.plain

    1: 006700e5a2ab05704bbb0c589b88924d

Targets

    • Target

      random.exe

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Amadey family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
