amadey | d2a7c5d0009a9e382295763e4f62ef22ea064a5877d1e78750e0a17c8d938b70 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2a7c5d0009a9e382295763e4f62ef22ea064a5877d1e78750e0a17c8d938b70
Size

324KB
Sample

230103-gc411ade5t
MD5

abf699474de0d2f67c6a86b17070f79f
SHA1

ce1e2d038e1806081ac2efee8a6c92cf5af43f8f
SHA256

d2a7c5d0009a9e382295763e4f62ef22ea064a5877d1e78750e0a17c8d938b70
SHA512

acb89e5413bdb6c6c10ea3f4ccbe28e4f7c114a0220e3e1a5b7a1c8fe4e7e54815e0a976be9d8b48a3c53e425c780bc1df15375c368cc3ef174bd4e70866fb2b
SSDEEP

3072:Y/cql+amAgTt5NFI1/Cf+o2CEGoRbUQx3Tibu0TRUmGr0ch6lokfMMjm/s4E:/qoTt6o2CEpRbhx3QlAZUNM

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.243/h8V2cQlbd3/index.php

Targets

- Target
  
  d2a7c5d0009a9e382295763e4f62ef22ea064a5877d1e78750e0a17c8d938b70
- Size
  
  324KB
- MD5
  
  abf699474de0d2f67c6a86b17070f79f
- SHA1
  
  ce1e2d038e1806081ac2efee8a6c92cf5af43f8f
- SHA256
  
  d2a7c5d0009a9e382295763e4f62ef22ea064a5877d1e78750e0a17c8d938b70
- SHA512
  
  acb89e5413bdb6c6c10ea3f4ccbe28e4f7c114a0220e3e1a5b7a1c8fe4e7e54815e0a976be9d8b48a3c53e425c780bc1df15375c368cc3ef174bd4e70866fb2b
- SSDEEP
  
  3072:Y/cql+amAgTt5NFI1/Cf+o2CEGoRbUQx3Tibu0TRUmGr0ch6lokfMMjm/s4E:/qoTt6o2CEpRbhx3QlAZUNM
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2