amadey | f8f3395ef0fc0e5b1ef8b8fc4ef092f81e52db621f2e0f450b478922054f5d45 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f8f3395ef0fc0e5b1ef8b8fc4ef092f81e52db621f2e0f450b478922054f5d45
Size

202KB
Sample

221127-z9l6kaac55
MD5

e2c521712e5715ad7e0e15b5ddcd1857
SHA1

21bcbe9079e6a2ba6e6ef9976cd77106578669e3
SHA256

f8f3395ef0fc0e5b1ef8b8fc4ef092f81e52db621f2e0f450b478922054f5d45
SHA512

862e2a3829ffea1eb5d88bf0934714f08beabdf3cdeb23908661dd6239dccd1ca194870cd8301885e7cb494dcfbd7478116ae9870748fa3ea1c152e7aa3c6eec
SSDEEP

3072:ELgcUgDwJwv+5MMi1Av2fhIoHp8KdU2llPlF9iF1naI2L0jfY43dmEU12Nw:vcpwJw1tEmHHCKq2hEaHL0jfY47Vw

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.17/hfk3vK9/index.php

Targets

- Target
  
  f8f3395ef0fc0e5b1ef8b8fc4ef092f81e52db621f2e0f450b478922054f5d45
- Size
  
  202KB
- MD5
  
  e2c521712e5715ad7e0e15b5ddcd1857
- SHA1
  
  21bcbe9079e6a2ba6e6ef9976cd77106578669e3
- SHA256
  
  f8f3395ef0fc0e5b1ef8b8fc4ef092f81e52db621f2e0f450b478922054f5d45
- SHA512
  
  862e2a3829ffea1eb5d88bf0934714f08beabdf3cdeb23908661dd6239dccd1ca194870cd8301885e7cb494dcfbd7478116ae9870748fa3ea1c152e7aa3c6eec
- SSDEEP
  
  3072:ELgcUgDwJwv+5MMi1Av2fhIoHp8KdU2llPlF9iF1naI2L0jfY43dmEU12Nw:vcpwJw1tEmHHCKq2hEaHL0jfY47Vw
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1