amadey | 5655d71f4e4151e4e6117a5ba0d5ca8592354a97a18b4df74201846dd1a4f88c | Triage

Sharing

General

Target

5655d71f4e4151e4e6117a5ba0d5ca8592354a97a18b4df74201846dd1a4f88c
Size

324KB
Sample

230103-f4byvsdc3w
MD5

05f30530f22d03d8454e8eed115d1425
SHA1

868a1b1ccbe54427fcb2f918b1be3d0b0f1889c6
SHA256

5655d71f4e4151e4e6117a5ba0d5ca8592354a97a18b4df74201846dd1a4f88c
SHA512

caca6e63db3053177258c6bdc86098b27850a1b5960bebcc3f9471cdfa83f48f3fd0fb6a12d410129eebd0cce0b7611f52d931b0332c4920e57d423bad6ece5d
SSDEEP

3072:Sp/Tqf+jAg/t5N50Yr3EZW+opHiX7Lig9tjY75Y2JAjC/mJUcA35or15Cr2cYE:Mqo/ti8UU+oRlg96XJAG+Op2c

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

31.41.244.15/Mb1sDv3/index.php

Targets

- Target
  
  5655d71f4e4151e4e6117a5ba0d5ca8592354a97a18b4df74201846dd1a4f88c
- Size
  
  324KB
- MD5
  
  05f30530f22d03d8454e8eed115d1425
- SHA1
  
  868a1b1ccbe54427fcb2f918b1be3d0b0f1889c6
- SHA256
  
  5655d71f4e4151e4e6117a5ba0d5ca8592354a97a18b4df74201846dd1a4f88c
- SHA512
  
  caca6e63db3053177258c6bdc86098b27850a1b5960bebcc3f9471cdfa83f48f3fd0fb6a12d410129eebd0cce0b7611f52d931b0332c4920e57d423bad6ece5d
- SSDEEP
  
  3072:Sp/Tqf+jAg/t5N50Yr3EZW+opHiX7Lig9tjY75Y2JAjC/mJUcA35or15Cr2cYE:Mqo/ti8UU+oRlg96XJAG+Op2c
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2