Resubmissions

12-08-2024 14:48

240812-r6r9eawbmm 10

13-04-2022 03:36

220413-d51x9safek 10

General

  • Target

    amadey

  • Size

    6.7MB

  • Sample

    220413-d51x9safek

  • MD5

    fc33eb2d1bc5bddd539a2d498a758b93

  • SHA1

    c2daa51655e86088bb554e89e047667f60af822f

  • SHA256

    4d02224a7dadfc2d8a1343fdc51e4634a98bd073f867bfd091e667efd112108a

  • SHA512

    ea0da825962b2c4beb67ce7bf54ee4139e47b4b756cc474eea06eb856e75d6b6b98133e8d9e3ebd9508c3fbdb47cc5da62eb81a1206fd3383b0673508e098656

Malware Config

Extracted

Family

amadey

Version

2.42

C2

185.215.113.53/bPwsAq2/index.php
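As an added example, not part of the sandbox report, the following Python sweeps proxy-log lines and a file's hashes against the IOCs given above: the C2 URL from the extracted config and the MD5/SHA1/SHA256 of the sample. The log line format, the log lines themselves and the helper names (parse_c2, match_c2, hash_matches, scan_file) are constructed for illustration; the report lists the C2 without a scheme, so the code prepends http:// purely to parse host and path.

```python
"""Sweep proxy logs and file hashes against the IOCs listed in this report."""
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from the report above
C2_URL = "185.215.113.53/bPwsAq2/index.php"
SAMPLE_HASHES = {
    "md5": "fc33eb2d1bc5bddd539a2d498a758b93",
    "sha1": "c2daa51655e86088bb554e89e047667f60af822f",
    "sha256": "4d02224a7dadfc2d8a1343fdc51e4634a98bd073f867bfd091e667efd112108a",
}


def parse_c2(ioc):
    """Split the scheme-less C2 string from the report into (host, path)."""
    # The report gives no scheme; add one only so urlsplit can parse the string.
    parts = urlsplit("http://" + ioc)
    return parts.hostname, parts.path


C2_HOST, C2_PATH = parse_c2(C2_URL)

# Constructed proxy log lines (not from the report): timestamp, src, method, url, status.
SAMPLE_PROXY_LOG = """\
2022-04-13T03:40:01Z 10.0.0.12 POST http://185.215.113.53/bPwsAq2/index.php 200
2022-04-13T03:40:05Z 10.0.0.12 GET http://example.com/index.php 200
2022-04-13T03:41:10Z 10.0.0.15 POST http://185.215.113.53/other/index.php 404
2022-04-13T03:42:00Z 10.0.0.20 POST http://185.215.113.53:8080/bPwsAq2/index.php 200
"""

# Assumed log layout: five whitespace-separated fields, status is three digits.
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_c2(log_text):
    """Return (src_ip, url) for lines whose destination host and path equal the C2 IOC.

    The host comparison ignores the port so a beacon to a non-default port on the
    same host and path is still caught; the path comparison is exact.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        _ts, src, _method, url, _status = m.groups()
        parts = urlsplit(url)
        if parts.hostname == C2_HOST and parts.path == C2_PATH:
            hits.append((src, url))
    return hits


def hash_matches(data):
    """Hash the bytes with md5/sha1/sha256 and say which report hashes they equal."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo: digests[algo] == SAMPLE_HASHES[algo] for algo in SAMPLE_HASHES}


def scan_file(path):
    """Read a file from disk and compare its hashes with the sample's."""
    with open(path, "rb") as f:
        return hash_matches(f.read())


if __name__ == "__main__":
    for src, url in match_c2(SAMPLE_PROXY_LOG):
        print(f"C2 hit from {src}: {url}")
    print(hash_matches(b"not the sample"))
```

Matching on parsed host and path rather than on the raw string is a deliberate choice: it survives a scheme or port in front of the IOC, while still requiring the exact /bPwsAq2/index.php path so that unrelated traffic to the same address is not flagged.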

Targets

    • Amadey

      Amadey is a simple trojan bot primarily used to collect reconnaissance information.

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks