amadey | 2377661d79045ec2697eebbbd3f5499de423b32db5724eaeb8a5350bee7a7292 | Triage

Sharing

General

Target

2377661d79045ec2697eebbbd3f5499de423b32db5724eaeb8a5350bee7a7292
Size

423KB
Sample

221206-2qyrcseb7s
MD5

63d328bafb89e59b83eaadebc7377a0f
SHA1

b46d01df7dbb1b9a75b0e6162f45c70e5203a9cf
SHA256

2377661d79045ec2697eebbbd3f5499de423b32db5724eaeb8a5350bee7a7292
SHA512

4ac1fdb0c2ba80743101149d0ad8a79ce16cc2612034d0be87f0d5a7580f439a3dfbfcbc1740652870745f5204c3b925c8b34a2f6c2d3d86328d8d215a2edb3b
SSDEEP

6144:Dn4+eZrkLxPUM0DBp5wjWhG0BCIbY5zAWcoBlCqOWKdaVe:z47Zg9PU3z2/MbY5fcWCDd3

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.133.72/hfk3vK9/index.php

Targets

- Target
  
  2377661d79045ec2697eebbbd3f5499de423b32db5724eaeb8a5350bee7a7292
- Size
  
  423KB
- MD5
  
  63d328bafb89e59b83eaadebc7377a0f
- SHA1
  
  b46d01df7dbb1b9a75b0e6162f45c70e5203a9cf
- SHA256
  
  2377661d79045ec2697eebbbd3f5499de423b32db5724eaeb8a5350bee7a7292
- SHA512
  
  4ac1fdb0c2ba80743101149d0ad8a79ce16cc2612034d0be87f0d5a7580f439a3dfbfcbc1740652870745f5204c3b925c8b34a2f6c2d3d86328d8d215a2edb3b
- SSDEEP
  
  6144:Dn4+eZrkLxPUM0DBp5wjWhG0BCIbY5zAWcoBlCqOWKdaVe:z47Zg9PU3z2/MbY5fcWCDd3
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1