amadey | 1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181 | Triage

Resubmissions

19-01-2022 16:33

220119-t2pzlabeh4 10

25-11-2021 12:39

211125-pvmtfaaee9 10

Sharing

General

Target

1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
Size

6.2MB
Sample

211125-pvmtfaaee9
MD5

eaf0414732a32787b8c26e69af59bfa0
SHA1

e313935ac46f141a3940236026cfe0eb0f4a1dcc
SHA256

1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
SHA512

cc9dda5d5072e3ef01ee3e61fe23d0e753ca5957ff9f15e49377bd84a0be5b1f3606aaca9e6cbc7ff6fb67cf130da2d2174c32c5a2e5911706acf6b085706ab1

Score

10^/10

amadey trojan

Malware Config

Targets

- Target
  
  1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
- Size
  
  6.2MB
- MD5
  
  eaf0414732a32787b8c26e69af59bfa0
- SHA1
  
  e313935ac46f141a3940236026cfe0eb0f4a1dcc
- SHA256
  
  1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
- SHA512
  
  cc9dda5d5072e3ef01ee3e61fe23d0e753ca5957ff9f15e49377bd84a0be5b1f3606aaca9e6cbc7ff6fb67cf130da2d2174c32c5a2e5911706acf6b085706ab1
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2