amadey | b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15 | Triage

Submit
Reports

Overview

overview

Static

static

b1663d4497...15.exe

windows7-x64

b1663d4497...15.exe

windows10-2004-x64

Sharing

General

Target

b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15.exe
Size

452KB
Sample

250308-pvdkrsxlv9
MD5

a9749ee52eefb0fd48a66527095354bb
SHA1

78170bcc54e1f774528dea3118b50ffc46064fe0
SHA256

b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15
SHA512

9d21f0e1e376b89df717403a3939ed86ef61095bb9f0167ff15c01d3bbbee03d4dd01b3e2769ecd921e40e43bab3cbf0a6844ab6f296982227b0cb507b4b0e25
SSDEEP

12288:Rib1rFTRH6serb/p93j6fGMWP1N72h8xp:IH659m+Mk1YW

Score

10^/10

amadey systembc a4d2cd defense_evasion discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15.exe

Resource

win7-20250207-en

amadey systembc a4d2cd defense_evasion discovery trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15.exe

Resource

win10v2004-20250217-en

systembc defense_evasion discovery trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

5.21

Botnet

a4d2cd

C2

http://cobolrationumelawrtewarms.com

http://�� jlgenfekjlfnvtgpegkwr.xyz

Attributes

install_dir
a58456755d
install_file
Gxtuum.exe
strings_key
00fadbeacf092dfd58b48ef4ac68f826
url_paths
/3ofn3jf3e2ljk/index.php

rc4.plain

1
bf11e9eb444cca0553e5dc41fdf05974

Extracted

Family

systembc

C2

towerbingobongoboom.com

62.60.226.86

Attributes

dns
5.132.191.104

Targets

- Target
  
  b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15.exe
- Size
  
  452KB
- MD5
  
  a9749ee52eefb0fd48a66527095354bb
- SHA1
  
  78170bcc54e1f774528dea3118b50ffc46064fe0
- SHA256
  
  b1663d4497ddd27a59f090b72adcedddac51724a1c126f7d6469f8045d065e15
- SHA512
  
  9d21f0e1e376b89df717403a3939ed86ef61095bb9f0167ff15c01d3bbbee03d4dd01b3e2769ecd921e40e43bab3cbf0a6844ab6f296982227b0cb507b4b0e25
- SSDEEP
  
  12288:Rib1rFTRH6serb/p93j6fGMWP1N72h8xp:IH659m+Mk1YW
Score

10^/10

amadey systembc a4d2cd defense_evasion discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeysystembca4d2cddefense_evasiondiscoverytrojan

behavioral2

systembcdefense_evasiondiscoverytrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.