Overview

overview

10

Static

static

10

2988-33-0x...ry.exe

windows7-x64

10

2988-33-0x...ry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2988-33-0x0000000000FB0000-0x0000000001467000-memory.dmp

  • Size

    4.7MB

  • Sample

    250209-vba87axlfx

  • MD5

    542599cb67996bc7adb6bc0c26a9ef0a

  • SHA1

    2274ccc5b96e2111c9280d05bd4a856f6733318f

  • SHA256

    e153e2e9a4878a099263043a44d63fe762741fa14484af0aefe37799b1f043e3

  • SHA512

    d782e3db41526ba2eaf7a1b61f6fe2d19937b13eb09084d27305eb6c0979ca8f73a1d995938a0201e404fa2ad964eec8083aa0f05d9cea9767448372e4b7126b

  • SSDEEP

    98304:FH9c7pGisR7d+Sl4Ij4ZCx43dG40atoxskQGLCsyzfvXyPZ4DHPw4qxg22t2L:FTkCq/CQXa4jwg

Score
10/10
amadeyfed3aadiscoverytrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Targets

    • Target

      2988-33-0x0000000000FB0000-0x0000000001467000-memory.dmp

    • Size

      4.7MB

    • MD5

      542599cb67996bc7adb6bc0c26a9ef0a

    • SHA1

      2274ccc5b96e2111c9280d05bd4a856f6733318f

    • SHA256

      e153e2e9a4878a099263043a44d63fe762741fa14484af0aefe37799b1f043e3

    • SHA512

      d782e3db41526ba2eaf7a1b61f6fe2d19937b13eb09084d27305eb6c0979ca8f73a1d995938a0201e404fa2ad964eec8083aa0f05d9cea9767448372e4b7126b

    • SSDEEP

      98304:FH9c7pGisR7d+Sl4Ij4ZCx43dG40atoxskQGLCsyzfvXyPZ4DHPw4qxg22t2L:FTkCq/CQXa4jwg

    Score
    10/10
    amadeytrojandiscovery

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Amadey family

      amadey

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks