amadey | 2073a3f1729c877b9f4bc2e1eeefbc5dbde88f10e1208eda6f0b7c9dec15d1b1 | Triage

Sharing

General

Target

Unconfirmed744079.crdownload
Size

424KB
Sample

250407-gv83ns1tdt
MD5

38ee09612f2dceebb2b066d18b60ad21
SHA1

8fb4ac46056abad937c3fa47f001a7b0c9faef06
SHA256

2073a3f1729c877b9f4bc2e1eeefbc5dbde88f10e1208eda6f0b7c9dec15d1b1
SHA512

c92660ca84c46404b015c61179ce8f0992e454d4e4f74cfef5ca6bc848a34646f350ec0b10a587f246154cf48ff2d82f87740e2bfa96e4e3a0936f8346962780
SSDEEP

12288:RUk/mCGy15vVcd7LbxokyCBzj42Uv3+/IZAXg:RUEvVCoFx2U2Fg

Score

10^/10

amadey a8c0c1 discovery

Malware Config

Extracted

Family

amadey

Version

5.33

Botnet

a8c0c1

C2

http://185.208.156.252

Attributes

install_dir
3114b4b57c
install_file
tgvazx.exe
strings_key
d7cb31e7dac36aa249eb524e654c359a
url_paths
/u9DvjMfd/index.php

rc4.plain

Targets

- Target
  
  Unconfirmed744079.crdownload
- Size
  
  424KB
- MD5
  
  38ee09612f2dceebb2b066d18b60ad21
- SHA1
  
  8fb4ac46056abad937c3fa47f001a7b0c9faef06
- SHA256
  
  2073a3f1729c877b9f4bc2e1eeefbc5dbde88f10e1208eda6f0b7c9dec15d1b1
- SHA512
  
  c92660ca84c46404b015c61179ce8f0992e454d4e4f74cfef5ca6bc848a34646f350ec0b10a587f246154cf48ff2d82f87740e2bfa96e4e3a0936f8346962780
- SSDEEP
  
  12288:RUk/mCGy15vVcd7LbxokyCBzj42Uv3+/IZAXg:RUEvVCoFx2U2Fg
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1