amadey | d2408704c05959340b8c614a9fa116d74181d46483af950194cee408d4fb000f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2408704c05959340b8c614a9fa116d74181d46483af950194cee408d4fb000f
Size

324KB
Sample

230103-gcz22sac56
MD5

7ec045465664d7c24412440591b1e3fb
SHA1

36bd91aa5fd01ec075789a1840ad14ce07a234d7
SHA256

d2408704c05959340b8c614a9fa116d74181d46483af950194cee408d4fb000f
SHA512

c490daa40a863ef41cef4897932a8f0b6a80f88c9c675830c24b53658c7db4bf81fed76b4e79b5555686f6f3eabfc622d0c58e533b6a4411f9d89160b2521494
SSDEEP

6144:Mql/k+LY6g53304Trv4GXJU+SgQO8+BUs:MqlDs6yU43vPXJx9QX5

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.50

C2

193.56.146.243/h8V2cQlbd3/index.php

Targets

- Target
  
  d2408704c05959340b8c614a9fa116d74181d46483af950194cee408d4fb000f
- Size
  
  324KB
- MD5
  
  7ec045465664d7c24412440591b1e3fb
- SHA1
  
  36bd91aa5fd01ec075789a1840ad14ce07a234d7
- SHA256
  
  d2408704c05959340b8c614a9fa116d74181d46483af950194cee408d4fb000f
- SHA512
  
  c490daa40a863ef41cef4897932a8f0b6a80f88c9c675830c24b53658c7db4bf81fed76b4e79b5555686f6f3eabfc622d0c58e533b6a4411f9d89160b2521494
- SSDEEP
  
  6144:Mql/k+LY6g53304Trv4GXJU+SgQO8+BUs:MqlDs6yU43vPXJx9QX5
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2