amadey | 00911785ea624ec32f5390aa6a70b84270650e694e93ad5f201ed1ed87d7fb47 | Triage

Sharing

General

Target

00911785ea624ec32f5390aa6a70b84270650e694e93ad5f201ed1ed87d7fb47
Size

390KB
Sample

221203-jb2klafb48
MD5

62dec88eebe72a365ecdf1a6463476d0
SHA1

102e5a9d3eb556db2e10b1dd3c9596f5ba612fbc
SHA256

00911785ea624ec32f5390aa6a70b84270650e694e93ad5f201ed1ed87d7fb47
SHA512

9d7a29181acc6673d34240a7cba154641e4a13c5dced0b72af8b1112777d0d1f5602a255b86b23048ae31750e0b7650b616e49a4614d855ac81f8dcfd16daed9
SSDEEP

6144:ZG6XoA7cRu8FsDCF27KvgkG7ml4oGEgdIyuRBVvT1q6j:Z5oA7l5CQ7KYolBGsRBRf

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

62.204.41.252/nB8cWack3/index.php

Targets

- Target
  
  00911785ea624ec32f5390aa6a70b84270650e694e93ad5f201ed1ed87d7fb47
- Size
  
  390KB
- MD5
  
  62dec88eebe72a365ecdf1a6463476d0
- SHA1
  
  102e5a9d3eb556db2e10b1dd3c9596f5ba612fbc
- SHA256
  
  00911785ea624ec32f5390aa6a70b84270650e694e93ad5f201ed1ed87d7fb47
- SHA512
  
  9d7a29181acc6673d34240a7cba154641e4a13c5dced0b72af8b1112777d0d1f5602a255b86b23048ae31750e0b7650b616e49a4614d855ac81f8dcfd16daed9
- SSDEEP
  
  6144:ZG6XoA7cRu8FsDCF27KvgkG7ml4oGEgdIyuRBVvT1q6j:Z5oA7l5CQ7KYolBGsRBRf
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1