amadey | 3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926 | Triage

Sharing

General

Target

3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926.exe
Size

295KB
Sample

210220-4a8dbsjf12
MD5

5522f4b9234aea8bbc17670cb1cfd322
SHA1

cabd799a2db28208367acc365227f3916d4e0cd0
SHA256

3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926
SHA512

589ab3896a4af81a100844d4b12c17c355b10f850b73827bfb4c5e88c3e7aa445c79411463b7e91e8110c0d1823585c80bbb53c579094d585e218188b1f4b365

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

2.11

C2

176.111.174.67/7Ndd3SnW/index.php

Targets

- Target
  
  3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926.exe
- Size
  
  295KB
- MD5
  
  5522f4b9234aea8bbc17670cb1cfd322
- SHA1
  
  cabd799a2db28208367acc365227f3916d4e0cd0
- SHA256
  
  3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926
- SHA512
  
  589ab3896a4af81a100844d4b12c17c355b10f850b73827bfb4c5e88c3e7aa445c79411463b7e91e8110c0d1823585c80bbb53c579094d585e218188b1f4b365
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2