amadey | c7cb3b8c57b15c72be39ae0b2a47d57ea0396697194485929e34bd845493c803 | Triage

Sharing

General

Target

c7cb3b8c57b15c72be39ae0b2a47d57ea0396697194485929e34bd845493c803
Size

354KB
Sample

221122-mep8hsdd7z
MD5

0ed62dd67333c3edb3f2f8b432e0f868
SHA1

ca79dae9724e7c2171a4b2e3c8e609d494d6802a
SHA256

c7cb3b8c57b15c72be39ae0b2a47d57ea0396697194485929e34bd845493c803
SHA512

2fd512aec749359fb75c65a86c9bc38eefa8c2c629df2265448c2d5f2e15d0d931507650277682f8d85b79012bb37d5b1ad1eb64d38f10740bb254cc120423ef
SSDEEP

6144:f72Q+Hp3Ia4heX7tVCJf2o3X9ew22tThsIeGjY6YML:aHF19LtsJuo3b22ZVEpML

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.174/g84kvj4jck/index.php

Targets

- Target
  
  c7cb3b8c57b15c72be39ae0b2a47d57ea0396697194485929e34bd845493c803
- Size
  
  354KB
- MD5
  
  0ed62dd67333c3edb3f2f8b432e0f868
- SHA1
  
  ca79dae9724e7c2171a4b2e3c8e609d494d6802a
- SHA256
  
  c7cb3b8c57b15c72be39ae0b2a47d57ea0396697194485929e34bd845493c803
- SHA512
  
  2fd512aec749359fb75c65a86c9bc38eefa8c2c629df2265448c2d5f2e15d0d931507650277682f8d85b79012bb37d5b1ad1eb64d38f10740bb254cc120423ef
- SSDEEP
  
  6144:f72Q+Hp3Ia4heX7tVCJf2o3X9ew22tThsIeGjY6YML:aHF19LtsJuo3b22ZVEpML
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1