Overview

overview

10

Static

static

3abf0b6da0...26.exe

windows7_x64

10

3abf0b6da0...26.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926.zip

  • Size

    180KB

  • Sample

    210227-rmhfqb78r2

  • MD5

    5441a7170bf40096e1a0857df92af0b9

  • SHA1

    0235c5f74ecbb12f7419addb3aaec4e04d151627

  • SHA256

    a837605de4aec4841a22a119767a14cc2892a71a19870b9d897c295b4d3c325f

  • SHA512

    0271274a7513620d3c00264de2e84ccbabaa0b5d721983e84652844c8662dfac3e5360459e8de396f8f4189b5f0b55ea77d0a5957cc3db8fd8c9dc6f9e50355b

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

2.11

C2

176.111.174.67/7Ndd3SnW/index.php

Targets

    • Target

      3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926.exe

    • Size

      295KB

    • MD5

      5522f4b9234aea8bbc17670cb1cfd322

    • SHA1

      cabd799a2db28208367acc365227f3916d4e0cd0

    • SHA256

      3abf0b6da06a8740f91acf87b964de2b314220cf14226b003af9c97acd2ce926

    • SHA512

      589ab3896a4af81a100844d4b12c17c355b10f850b73827bfb4c5e88c3e7aa445c79411463b7e91e8110c0d1823585c80bbb53c579094d585e218188b1f4b365

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks