amadey | ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2 | Triage

Sharing

General

Target

ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2.exe
Size

204KB
Sample

211002-gre1esdhel
MD5

d7a4223e43b194c93b0663e8e319fbaa
SHA1

d6cbe3198b1875a485773496b0e9c2b944b23133
SHA256

ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2
SHA512

e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c

Score

10^/10

amadey suricata trojan

Malware Config

Extracted

Family

amadey

Version

2.70

C2

185.215.113.45/g4MbvE/index.php

Targets

- Target
  
  ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2.exe
- Size
  
  204KB
- MD5
  
  d7a4223e43b194c93b0663e8e319fbaa
- SHA1
  
  d6cbe3198b1875a485773496b0e9c2b944b23133
- SHA256
  
  ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2
- SHA512
  
  e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c
Score

10^/10

amadey suricata trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- suricata: ET MALWARE Amadey CnC Check-In
  suricata: ET MALWARE Amadey CnC Check-In
  suricata
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeysuricatatrojan

behavioral2

amadeysuricatatrojan