amadey | 7a5dc9b020b2db83c02509a7671793176e4ead3b7fa902f9173769edd9942cd7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a5dc9b020b2db83c02509a7671793176e4ead3b7fa902f9173769edd9942cd7
Size

415KB
Sample

221206-xgmwaagc2t
MD5

c43e7e1673775ef06e84526108401a4f
SHA1

9486839f10445a10d6dadfa78929eed5a8f54605
SHA256

7a5dc9b020b2db83c02509a7671793176e4ead3b7fa902f9173769edd9942cd7
SHA512

2c08e1e2ffd8dfbe206d5481928bc0e7ee9744effd003646e9b8ef633c770f4abcd3696cfda043ea1cce54da64f665f2c835598ebf27a8126c3093ae5544ca9e
SSDEEP

6144:bv/ZZLZxLJONqwRH9RqFcX9KY30ofe2WcoBlCsTWgYaV:bvRZlx1ONquGc330o6cWCsq

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

77.73.133.72/hfk3vK9/index.php

Targets

- Target
  
  7a5dc9b020b2db83c02509a7671793176e4ead3b7fa902f9173769edd9942cd7
- Size
  
  415KB
- MD5
  
  c43e7e1673775ef06e84526108401a4f
- SHA1
  
  9486839f10445a10d6dadfa78929eed5a8f54605
- SHA256
  
  7a5dc9b020b2db83c02509a7671793176e4ead3b7fa902f9173769edd9942cd7
- SHA512
  
  2c08e1e2ffd8dfbe206d5481928bc0e7ee9744effd003646e9b8ef633c770f4abcd3696cfda043ea1cce54da64f665f2c835598ebf27a8126c3093ae5544ca9e
- SSDEEP
  
  6144:bv/ZZLZxLJONqwRH9RqFcX9KY30ofe2WcoBlCsTWgYaV:bvRZlx1ONquGc330o6cWCsq
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1