amadey | 67d2a654bafe5bf876d25c1e6f36f795d8375b17b557e1ebb76f3f14cc044c83 | Triage

Sharing

General

Target

67d2a654bafe5bf876d25c1e6f36f795d8375b17b557e1ebb76f3f14cc044c83
Size

148KB
Sample

221127-zb1ajafh48
MD5

b9a6abe942c1910b8b38cfde1f9f22dc
SHA1

99c1720861f66483844c5f8cf11698958927d3dc
SHA256

67d2a654bafe5bf876d25c1e6f36f795d8375b17b557e1ebb76f3f14cc044c83
SHA512

0a0799b18b694b7e604104848bc435a54e1807e634c6dfbacce88fe6a79779db795bad3ef4d15f5ba6197507a1862e933d7c6719c5ad157600741a64371c5191
SSDEEP

3072:mvcf6svLX80itk5eDSiRFYDjT0jJkYieVBIz2jks:lf6q/iFGiRFwIjJkYBVBIHs

Score

10^/10

amadey smokeloader backdoor trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.134.65/o7VsjdSa2f/index.php

Targets

- Target
  
  67d2a654bafe5bf876d25c1e6f36f795d8375b17b557e1ebb76f3f14cc044c83
- Size
  
  148KB
- MD5
  
  b9a6abe942c1910b8b38cfde1f9f22dc
- SHA1
  
  99c1720861f66483844c5f8cf11698958927d3dc
- SHA256
  
  67d2a654bafe5bf876d25c1e6f36f795d8375b17b557e1ebb76f3f14cc044c83
- SHA512
  
  0a0799b18b694b7e604104848bc435a54e1807e634c6dfbacce88fe6a79779db795bad3ef4d15f5ba6197507a1862e933d7c6719c5ad157600741a64371c5191
- SSDEEP
  
  3072:mvcf6svLX80itk5eDSiRFYDjT0jJkYieVBIz2jks:lf6q/iFGiRFwIjJkYBVBIHs
Score

10^/10

amadey smokeloader backdoor trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

amadeysmokeloaderbackdoortrojan