amadey | 4ae3ca87d8086b3d8beaca35c8d69db7b477f84111486caba6ff9682c5704b57 | Triage

Sharing

General

Target

Ejecución_De_Embargo1087682524110440457384889987429350028591104178436174773663625753785856169508441070649.exe
Size

250KB
Sample

210224-d8dgvcej2n
MD5

5144f2c618edf5a258b02fc2b71beefd
SHA1

69a27371c6c2f8db55ed23160945149a9011736e
SHA256

4ae3ca87d8086b3d8beaca35c8d69db7b477f84111486caba6ff9682c5704b57
SHA512

74a4e4be5b859f8edb999f0004cd7d13b4c56453de13379a073d6b077da691e291f89d3d0dcf791e623b6fd6bf5d16d3dfcc6df27fa43552a563227e98449567

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

2.11

C2

176.111.174.67/7Ndd3SnW/index.php

Targets

- Target
  
  Ejecución_De_Embargo1087682524110440457384889987429350028591104178436174773663625753785856169508441070649.exe
- Size
  
  250KB
- MD5
  
  5144f2c618edf5a258b02fc2b71beefd
- SHA1
  
  69a27371c6c2f8db55ed23160945149a9011736e
- SHA256
  
  4ae3ca87d8086b3d8beaca35c8d69db7b477f84111486caba6ff9682c5704b57
- SHA512
  
  74a4e4be5b859f8edb999f0004cd7d13b4c56453de13379a073d6b077da691e291f89d3d0dcf791e623b6fd6bf5d16d3dfcc6df27fa43552a563227e98449567
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2