amadey | 572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

572a73429f...b4.exe

windows7-x64

572a73429f...b4.exe

windows10-2004-x64

Sharing

General

Target

572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4.exe
Size

279KB
Sample

221201-nmj7xagd8t
MD5

e22b8a98049d7b829f95f2e50682d5b1
SHA1

11e2abb1d17d91c870fbf7c79473214dc9140e23
SHA256

572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4
SHA512

b3de7056ac5296039c1032c9427dd0d10db5cafd2adfff7918e4f98e9ffc61548414755ba4325a6eb9fc43cded0994da52a5842232e65f3697c9416e085757f8
SSDEEP

6144:lAuinvG8S/i0Pr7O4aUopaYaUkHhSfbr5:lVivGr/i0PreEBH0fbr

Score

10^/10

amadey smokeloader backdoor trojan

Static task

static1

Behavioral task

behavioral1

Sample

572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4.exe

Resource

win10v2004-20221111-en

amadey smokeloader backdoor trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.50

C2

62.204.41.252/nB8cWack3/index.php

Targets

- Target
  
  572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4.exe
- Size
  
  279KB
- MD5
  
  e22b8a98049d7b829f95f2e50682d5b1
- SHA1
  
  11e2abb1d17d91c870fbf7c79473214dc9140e23
- SHA256
  
  572a73429f8b673f5b3188cae34f550c8177615004b9bd8f5779ac96af770cb4
- SHA512
  
  b3de7056ac5296039c1032c9427dd0d10db5cafd2adfff7918e4f98e9ffc61548414755ba4325a6eb9fc43cded0994da52a5842232e65f3697c9416e085757f8
- SSDEEP
  
  6144:lAuinvG8S/i0Pr7O4aUopaYaUkHhSfbr5:lVivGr/i0PreEBH0fbr
Score

10^/10

smokeloader backdoor trojan amadey
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

amadeysmokeloaderbackdoortrojan

© 2018-2025

Terms | Privacy