amadey | e3ae425e3f8c5f7144718c02caa3f923e075619218a52e36264dc1df1ade79b8 | Triage

Sharing

General

Target

0x0007000000014b0d-1070.dat
Size

228KB
Sample

230328-tc11kabh43
MD5

cb3aa5fe6fd4f11748b02608ecc34b60
SHA1

51d1ee01f8708da80b3ad7ef8a26e2369af0ec76
SHA256

e3ae425e3f8c5f7144718c02caa3f923e075619218a52e36264dc1df1ade79b8
SHA512

6c109832b5f14c148bac1402c1325cb90f60c8b578c5659bd556b04dd9cef1fd526ff264e87c7e5c046101b19b4f8484801955d529a45336a1c7ff7d98c096ca
SSDEEP

6144:4rzyIG8IcCnD5A2QdY8rWpau1CYUqfhYdMBg:KmlLnD5qdY8Fu1CYUehrBg

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

- Target
  
  0x0007000000014b0d-1070.dat
- Size
  
  228KB
- MD5
  
  cb3aa5fe6fd4f11748b02608ecc34b60
- SHA1
  
  51d1ee01f8708da80b3ad7ef8a26e2369af0ec76
- SHA256
  
  e3ae425e3f8c5f7144718c02caa3f923e075619218a52e36264dc1df1ade79b8
- SHA512
  
  6c109832b5f14c148bac1402c1325cb90f60c8b578c5659bd556b04dd9cef1fd526ff264e87c7e5c046101b19b4f8484801955d529a45336a1c7ff7d98c096ca
- SSDEEP
  
  6144:4rzyIG8IcCnD5A2QdY8rWpau1CYUqfhYdMBg:KmlLnD5qdY8Fu1CYUehrBg
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2