amadey | 470138ea67a6aafb0059bd41949d7052a9b9b3fef615acd880c6c29df3db083e | Triage

Sharing

General

Target

470138ea67a6aafb0059bd41949d7052a9b9b3fef615acd880c6c29df3db083e
Size

244KB
Sample

221123-sl9hmaeg3s
MD5

0906eebf6f5fd1f9029e4bc6f81a636d
SHA1

938df93f0f7ebb8f31a2d2e57c2447d17a0737b8
SHA256

470138ea67a6aafb0059bd41949d7052a9b9b3fef615acd880c6c29df3db083e
SHA512

dad5fbcb96ebfb5c29d3fc3f46528ad46dce70acd67ee257b288ad58224117f90919ebce2693b4df9db7ba86f79fa417ff6b6b21c27a837e4d36d7c2b8ef7af6
SSDEEP

6144:wuh1kLkzOqq8CW1V8Hcc9JOkbztWp4vW677CNZwVLL:wuh1kxqq8HrIDvHfCNW

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.174/g84kvj4jck/index.php

Targets

- Target
  
  470138ea67a6aafb0059bd41949d7052a9b9b3fef615acd880c6c29df3db083e
- Size
  
  244KB
- MD5
  
  0906eebf6f5fd1f9029e4bc6f81a636d
- SHA1
  
  938df93f0f7ebb8f31a2d2e57c2447d17a0737b8
- SHA256
  
  470138ea67a6aafb0059bd41949d7052a9b9b3fef615acd880c6c29df3db083e
- SHA512
  
  dad5fbcb96ebfb5c29d3fc3f46528ad46dce70acd67ee257b288ad58224117f90919ebce2693b4df9db7ba86f79fa417ff6b6b21c27a837e4d36d7c2b8ef7af6
- SSDEEP
  
  6144:wuh1kLkzOqq8CW1V8Hcc9JOkbztWp4vW677CNZwVLL:wuh1kxqq8HrIDvHfCNW
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1