amadey | d24cd201b59ae8b4b5d3e91e5283c2fb09e8a1659812d8eb04e227061473e476 | Triage

Submit
Reports

Overview

overview

Static

static

3

1ab71541ca...18.exe

windows7-x64

1ab71541ca...18.exe

windows10-2004-x64

Sharing

General

Target

1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118
Size

644KB
Sample

240701-k4tacswfkr
MD5

1ab71541ca9a32e1bf68f0cfea8e1f7b
SHA1

1b5615f4b20349b2939725fba10430540dc3c13d
SHA256

d24cd201b59ae8b4b5d3e91e5283c2fb09e8a1659812d8eb04e227061473e476
SHA512

3e7bd03b8deecf315a180f873d0486e7415fcb52e03f52f5eb8e33753bc6bedbd559db3f6bb9ca3b09ac3b1efea776eb46dd96e43eab2fd74ef2ba3e3b844651
SSDEEP

12288:YvFZvSduvBf6l2uoQceGlfziC8lQsIaz/Wc9Gojl3vtMK6:y3v1Bf6Yu36lfuCDaqc9Gojl3Fl

Score

10^/10

amadey 109c93 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118.exe

Resource

win7-20240419-en

amadey 109c93 trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118.exe

Resource

win10v2004-20240611-en

amadey 109c93 trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

2.11

Botnet

109c93

C2

http://csgoprofind.net

Attributes

install_dir
de9b658861
install_file
rween.exe
strings_key
720b92c5e32946a09a188fd6d18f00e2
url_paths
/gWmR5f2W/index.php

rc4.plain

Targets

- Target
  
  1ab71541ca9a32e1bf68f0cfea8e1f7b_JaffaCakes118
- Size
  
  644KB
- MD5
  
  1ab71541ca9a32e1bf68f0cfea8e1f7b
- SHA1
  
  1b5615f4b20349b2939725fba10430540dc3c13d
- SHA256
  
  d24cd201b59ae8b4b5d3e91e5283c2fb09e8a1659812d8eb04e227061473e476
- SHA512
  
  3e7bd03b8deecf315a180f873d0486e7415fcb52e03f52f5eb8e33753bc6bedbd559db3f6bb9ca3b09ac3b1efea776eb46dd96e43eab2fd74ef2ba3e3b844651
- SSDEEP
  
  12288:YvFZvSduvBf6l2uoQceGlfziC8lQsIaz/Wc9Gojl3vtMK6:y3v1Bf6Yu36lfuCDaqc9Gojl3Fl
Score

10^/10

amadey 109c93 trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadey109c93trojan

behavioral2

amadey109c93trojan

© 2018-2024

Terms | Privacy