Overview

overview

10

Static

static

6dd10b6153...80.exe

windows7_x64

10

6dd10b6153...80.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6dd10b61532200492b3265a46566b90cb99cdd017953406417b52a1dd4f23b80

  • Size

    712KB

  • Sample

    220515-1nmewagee8

  • MD5

    498301dff1d97f419f84a8dc01f71421

  • SHA1

    188be8e606cfc2179251d6efe50c98c898f3daa3

  • SHA256

    6dd10b61532200492b3265a46566b90cb99cdd017953406417b52a1dd4f23b80

  • SHA512

    71f6c63f7010d4afa49853e8bb1c9678d2cb52adce3648924f62f8b5968bd4b9df3fe07d244ff609be6208ee2186d105508f95b9d587dedfca153707754fc316

Score
10/10
amadeytrojan

Malware Config

Extracted

Family

amadey

Version

1.99

C2

217.8.117.41/nbDcw2d/index.php

Targets

    • Target

      6dd10b61532200492b3265a46566b90cb99cdd017953406417b52a1dd4f23b80

    • Size

      712KB

    • MD5

      498301dff1d97f419f84a8dc01f71421

    • SHA1

      188be8e606cfc2179251d6efe50c98c898f3daa3

    • SHA256

      6dd10b61532200492b3265a46566b90cb99cdd017953406417b52a1dd4f23b80

    • SHA512

      71f6c63f7010d4afa49853e8bb1c9678d2cb52adce3648924f62f8b5968bd4b9df3fe07d244ff609be6208ee2186d105508f95b9d587dedfca153707754fc316

    Score
    10/10
    amadeytrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks