amadey | 488385cd54d14790b03fa7c7dc997ebea3f7b2a8499e5927eb437a3791102a77 | Triage

Submit
Reports

Overview

overview

Static

static

Freshbuild.exe

windows10-1703-x64

8

Freshbuild.exe

windows7-x64

7

Freshbuild.exe

windows10-2004-x64

7

Freshbuild.exe

windows11-21h2-x64

7

Sharing

General

Target

Freshbuild.exe
Size

415KB
Sample

240629-n985jsxckh
MD5

07101cac5b9477ba636cd8ca7b9932cb
SHA1

59ea7fd9ae6ded8c1b7240a4bf9399b4eb3849f1
SHA256

488385cd54d14790b03fa7c7dc997ebea3f7b2a8499e5927eb437a3791102a77
SHA512

02240ff51a74966bc31cfcc901105096eb871f588efaa9be1a829b4ee6f245bd9dca37be7e2946ba6315feea75c3dce5f490847250e62081445cd25b0f406887
SSDEEP

12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud

Score

10^/10

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Freshbuild.exe

Resource

win10-20240404-en

windows10-1703-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Freshbuild.exe

Resource

win7-20240508-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

Freshbuild.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

Freshbuild.exe

Resource

win11-20240611-en

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4b955f

C2

http://185.172.128.116

Attributes

install_dir
b66a8ae076
install_file
Hkbsse.exe
strings_key
d0f1609e2fff913c5fc0b879a0d56e06
url_paths
/Mb3GvQs8/index.php

rc4.plain

Targets

- Target
  
  Freshbuild.exe
- Size
  
  415KB
- MD5
  
  07101cac5b9477ba636cd8ca7b9932cb
- SHA1
  
  59ea7fd9ae6ded8c1b7240a4bf9399b4eb3849f1
- SHA256
  
  488385cd54d14790b03fa7c7dc997ebea3f7b2a8499e5927eb437a3791102a77
- SHA512
  
  02240ff51a74966bc31cfcc901105096eb871f588efaa9be1a829b4ee6f245bd9dca37be7e2946ba6315feea75c3dce5f490847250e62081445cd25b0f406887
- SSDEEP
  
  12288:5fSPtGpmLb84Jjzo6yrBuKuJ+ITOC0Ud:UtGpmf8edykhV0Ud
Score

8^/10
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy