amadey | 1aba9ec8b802b12e0100327b1e14f41727fa88907a1d96f90eb28587c011e6ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1aba9ec8b802b12e0100327b1e14f41727fa88907a1d96f90eb28587c011e6ec
Size

206KB
Sample

221127-db6awsdg88
MD5

ab898823c245eadff4bb1b670ed83c8e
SHA1

c8af9fee1088cb029be9c836922051dff24bee09
SHA256

1aba9ec8b802b12e0100327b1e14f41727fa88907a1d96f90eb28587c011e6ec
SHA512

016611b63770c0a9ac498caf925496c0cf8771e5d213816fe13d2ee1ca87e0201ea16bbd03129d541b60a49f2d8ee34f98736c163ce3812f428878881c07a2b3
SSDEEP

3072:X38KyamcgBg3LB55eKOFPYpaUwkQklWr/08mwAeqndWRyTgYEeShyyL4IfBa1NvF:czaWg35UWNNFlC0CAAC+eShLkI419F

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Targets

- Target
  
  1aba9ec8b802b12e0100327b1e14f41727fa88907a1d96f90eb28587c011e6ec
- Size
  
  206KB
- MD5
  
  ab898823c245eadff4bb1b670ed83c8e
- SHA1
  
  c8af9fee1088cb029be9c836922051dff24bee09
- SHA256
  
  1aba9ec8b802b12e0100327b1e14f41727fa88907a1d96f90eb28587c011e6ec
- SHA512
  
  016611b63770c0a9ac498caf925496c0cf8771e5d213816fe13d2ee1ca87e0201ea16bbd03129d541b60a49f2d8ee34f98736c163ce3812f428878881c07a2b3
- SSDEEP
  
  3072:X38KyamcgBg3LB55eKOFPYpaUwkQklWr/08mwAeqndWRyTgYEeShyyL4IfBa1NvF:czaWg35UWNNFlC0CAAC+eShLkI419F
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1