amadey | e518001cf608d1d5ab2d2efcee2bdb73bea11041b6019df4dceb090e19ea64aa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e518001cf608d1d5ab2d2efcee2bdb73bea11041b6019df4dceb090e19ea64aa
Size

382KB
Sample

221203-fzt9msgf83
MD5

3b28630c113ec62535060dd4e3bc1962
SHA1

e506bc344eae38ff1b2e7f73660a0235d5f51669
SHA256

e518001cf608d1d5ab2d2efcee2bdb73bea11041b6019df4dceb090e19ea64aa
SHA512

912b2f26ecd0fc8e9239a364f4601cb195c2f34ebdd67dcab865278bff46e541d8837313bb63d730d36d775643561847207041afe94be3e8f24c0396ebf7cab5
SSDEEP

6144:IVxIAxLQ8e/gcR3BZlI066vfciCIU/uR8Cejp:IbBx+/gqBZep6MJIUWRza

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.134.66/o7Vsjd3a2f/index.php

Targets

- Target
  
  e518001cf608d1d5ab2d2efcee2bdb73bea11041b6019df4dceb090e19ea64aa
- Size
  
  382KB
- MD5
  
  3b28630c113ec62535060dd4e3bc1962
- SHA1
  
  e506bc344eae38ff1b2e7f73660a0235d5f51669
- SHA256
  
  e518001cf608d1d5ab2d2efcee2bdb73bea11041b6019df4dceb090e19ea64aa
- SHA512
  
  912b2f26ecd0fc8e9239a364f4601cb195c2f34ebdd67dcab865278bff46e541d8837313bb63d730d36d775643561847207041afe94be3e8f24c0396ebf7cab5
- SSDEEP
  
  6144:IVxIAxLQ8e/gcR3BZlI066vfciCIU/uR8Cejp:IbBx+/gqBZep6MJIUWRza
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2