amadey

General

Target

setup.exe
Size

270KB
Sample

230327-a6cqaacg2v
MD5

09529691c435ed46a0422708924e0472
SHA1

ad73084360e5ffb5e9a9746657f54d3d82833c92
SHA256

64b2e7b56666743d248603e9c949e06576732047254ad4b886a9f85acb43d4d5
SHA512

c0c84f71a4a17e08e92233aab1da0d751ea36e5798f2ce46f1b0a24d8ab9945eae5ebf5cfc33fe494de86df9ef03d98742e53c871f910d36dce16dbce2bf4afd
SSDEEP

3072:qq+PI4A+RFAbbczH88n+vMhkBnNYKjLwWqFyW3XptpUn78F:x4LCbbc788hQpHcyW3V

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32

Extracted

Family

amadey

Version

3.68

C2

specialblue.in/dF30Hn4m/index.php

specialblue.pm/dF30Hn4m/index.php

specialblue.wf/dF30Hn4m/index.php

Targets

- Target
  
  setup.exe
- Size
  
  270KB
- MD5
  
  09529691c435ed46a0422708924e0472
- SHA1
  
  ad73084360e5ffb5e9a9746657f54d3d82833c92
- SHA256
  
  64b2e7b56666743d248603e9c949e06576732047254ad4b886a9f85acb43d4d5
- SHA512
  
  c0c84f71a4a17e08e92233aab1da0d751ea36e5798f2ce46f1b0a24d8ab9945eae5ebf5cfc33fe494de86df9ef03d98742e53c871f910d36dce16dbce2bf4afd
- SSDEEP
  
  3072:qq+PI4A+RFAbbczH88n+vMhkBnNYKjLwWqFyW3XptpUn78F:x4LCbbc788hQpHcyW3V
Score

10^/10

smokeloader sprg backdoor trojan amadey
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

SmokeLoader

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2