amadey | 1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181 | Triage

Resubmissions

19-01-2022 16:33

220119-t2pzlabeh4 10

25-11-2021 12:39

211125-pvmtfaaee9 10

Sharing

General

Target

1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
Size

6.2MB
Sample

220119-t2pzlabeh4
MD5

eaf0414732a32787b8c26e69af59bfa0
SHA1

e313935ac46f141a3940236026cfe0eb0f4a1dcc
SHA256

1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
SHA512

cc9dda5d5072e3ef01ee3e61fe23d0e753ca5957ff9f15e49377bd84a0be5b1f3606aaca9e6cbc7ff6fb67cf130da2d2174c32c5a2e5911706acf6b085706ab1

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

2.70

C2

185.215.113.45/g4MbvE/index.php

Targets

- Target
  
  1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
- Size
  
  6.2MB
- MD5
  
  eaf0414732a32787b8c26e69af59bfa0
- SHA1
  
  e313935ac46f141a3940236026cfe0eb0f4a1dcc
- SHA256
  
  1ae5c809ea8fabce9c699c87416d73ba5ab619accef6deeb26c2c38f39323181
- SHA512
  
  cc9dda5d5072e3ef01ee3e61fe23d0e753ca5957ff9f15e49377bd84a0be5b1f3606aaca9e6cbc7ff6fb67cf130da2d2174c32c5a2e5911706acf6b085706ab1
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2