General

  • Target: Bitcoin fake trasaction creator v1.2.zip
  • Size: 3.9MB
  • Sample: 250331-q2el3s1tez
  • MD5: 1f1b60d20d30d6615b2745e4b9b2394d
  • SHA1: 64aa10dad8499fde2de5af913354df6f56b7d9e4
  • SHA256: 43979eec990561d1024709380f8d7b97f95156f672f2aa37ebc4806eccf62571
  • SHA512: bc1dcce49321c11e78948e0c62b4a4dab10df38381363cf0551861475463aa9d8b9d7295994db4050d2b3040ba0e7b28152d2d55bdcd6583d351167559806d4d
  • SSDEEP: 98304:z1xElgdPfh+B1hW9qwCRCUcm0Nszws0ruKyT40CkqTnQXIpej:z1OOiW9oAFm0uzwzyT1gQY+

Malware Config

Extracted

  • Family: amadey
  • Version: 5.30
  • Botnet: 2128e7
  • C2: http://185.81.68.156
  • Attributes
      • install_dir: f917d25a84
      • install_file: Gxtuum.exe
      • strings_key: 18df5e065d410729e56d0ce2b95f56d8
      • url_paths: /jb87ejvjdsS/index.php
  • rc4.plain

Targets

  • Target: Bitcoin fake trasaction creator v1.2.zip
      • Size: 3.9MB
      • MD5: 1f1b60d20d30d6615b2745e4b9b2394d
      • SHA1: 64aa10dad8499fde2de5af913354df6f56b7d9e4
      • SHA256: 43979eec990561d1024709380f8d7b97f95156f672f2aa37ebc4806eccf62571
      • SHA512: bc1dcce49321c11e78948e0c62b4a4dab10df38381363cf0551861475463aa9d8b9d7295994db4050d2b3040ba0e7b28152d2d55bdcd6583d351167559806d4d
      • SSDEEP: 98304:z1xElgdPfh+B1hW9qwCRCUcm0Nszws0ruKyT40CkqTnQXIpej:z1OOiW9oAFm0uzwzyT1gQY+
      • Score: 1/10
  • Target: Flasher.exe
      • Size: 1.9MB
      • MD5: 7175d81d25f930437cbe872da4d6146e
      • SHA1: aff6402b462e139b998e4afc4cdef7cdb246f788
      • SHA256: 9a3f94eb934151c3114d646d229289b5670a0f99f99393a6f2b692ec5cf9cab3
      • SHA512: 3aa38a22511cc5d5717b2af284d9ba7b1f8228bd603930b9c4853c22f12b87c92c9b49e8b469f75c195b2b5a3f74bb5ca92f0890666bf659d6fef6c3c0f67082
      • SSDEEP: 24576:1dTwms7tp9VZ5Mo2QhG3aMUFgElJkWQezUmops7mwfMZhrS2N6zKnBDGxk8uE+cG:/1et19y+lMLOz49Gxk8Z+cq
      • Signatures
          • Amadey: Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
          • Amadey family
          • Detects SvcStealer Payload: SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
          • SvcStealer, Diamotrix: SvcStealer aka Diamotrix Clipper is a stealer/downloader written in C++.
          • Svcstealer family
          • Blocklisted process makes network request
          • Downloads MZ/PE file
          • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
          • Executes dropped EXE
          • Loads dropped DLL
          • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
          • Accesses cryptocurrency files/wallets, possible credential harvesting
          • Adds Run key to start application

  • Target: aida_helper64.dll
      • Size: 86KB
      • MD5: 13c00b55000d3b3b81e6c7b51b2ce29a
      • SHA1: b4235165b78d39328d7baad2d34b957f54619024
      • SHA256: 3333d928a1057d3740697322f4244aed687a22e45cdaa7b899eba13248a075ec
      • SHA512: d40dbc237d1328fbe686289b659afeb900c52ca245cdb669518066a22ef2e6e1092d21911172a2240328260cca2e201038936a4fa31c8beccb8afde9bc0d1033
      • SSDEEP: 1536:Unc2hs9GwTcbZqrhHS9+4CcBzyRj0o0LWqH22BP7Hxib:k9G9GwTcbcVy9+4zBzcjD0LWqHpPO
      • Score: 1/10

  • Target: aida_icons10.dll
      • Size: 8.7MB
      • MD5: dd42b4112c376a37f210c1f9565703c8
      • SHA1: 0137970f0ffb874fa3a8e7d19f3ad8f9c4b04b8a
      • SHA256: 93f2bb85ecdaf465dadfcd1c775e78aae0b5b27269fb62eb5b4d2c9a26e5fd65
      • SHA512: bd997c41594798cbfb4c89fa6b1dd0732f3ac1bcc92aa3ec647b7d7011aaa6564910750dbc91f1e256c0c0fd660f5e06f6820af416e19ede1c086f2092dc5357
      • SSDEEP: 196608:OSoll3nYiB4VSWzRZ66z24VZbdt44QoTXGA:xknY7VSWzHTXV
      • Score: 3/10

  • Target: aida_icons2k.dll
      • Size: 382KB
      • MD5: 93bcf2836ca2a9a686c70dec1dc2766c
      • SHA1: 01426659e4adc4654ccdf474f26187ab80f06d7a
      • SHA256: ff8f9b7deccfcfbda838fa624d57f6316db058dd0e850136a0b642d183372577
      • SHA512: f76d404f2451ac2385e729559479a57c8dc2c85cacece83e0a37eb4a4dad400f3e52af33a67a20a34ae544c3935baace5c141242590699fdff1f9022a3888cc4
      • SSDEEP: 6144:FXolNHvLMMZMMMvjZM34gYs1W3DPxi5X22a:FXojMMZMMM7pgYs1GPw5X9a
      • Score: 3/10
