amadey | 46b06cf3946145ad58081131067df324905b03271e8e1a2d215a9eca6feb8e3b | Triage

Analysis

max time kernel
380s
max time network
429s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 14:36

Sharing

Report Analysis Logs

General

Target

file.exe
Size

207KB
MD5

3aac99a54cfdd924ec513a839b25e03b
SHA1

0ba641dc2a9feb7d686a8750d33402ef77402918
SHA256

46b06cf3946145ad58081131067df324905b03271e8e1a2d215a9eca6feb8e3b
SHA512

27ee9716d48542b602ccbcc4fc7896340621bad3acd252e952744b0460e461f5d13721dc0628541cfca7ca926590b139798cd452f3dded22e2454eb015f7148a
SSDEEP

3072:ixjTCc9AiGJlcn5q1Wf1PMaWFYRri6CEDBDY6wTwgdxfcXOWq3APnLRPHc:kTCqAiQlrWf1kXGNBckgHBTQjRP

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/400-132-0x0000000000B8D000-0x0000000000BAC000-memory.dmp

Filesize
124KB

Download
memory/400-133-0x00000000001C0000-0x00000000001FE000-memory.dmp

Filesize
248KB

Download
memory/400-134-0x0000000000400000-0x0000000000AE6000-memory.dmp

Filesize
6.9MB

Download
memory/400-135-0x0000000000B8D000-0x0000000000BAC000-memory.dmp

Filesize
124KB

Download