amadey | 8bff018ecf629fbcc40824596e7b1d693e4eb4540b1bb67c31ebe14a09ba927f | Triage

Sharing

General

Target

0x00090000000122ea-1068.dat
Size

228KB
Sample

230328-vq38hscb63
MD5

d6b7bfaed247ac3d9668cd1af4e92fd0
SHA1

e0228189cc5aaee3be86c6e9e604b82b3e3b96a3
SHA256

8bff018ecf629fbcc40824596e7b1d693e4eb4540b1bb67c31ebe14a09ba927f
SHA512

d8263c2a6f42186be5a5461f73dcb8809a13e1dc1518abb864b2c920157e898d3becdfb538013f26dd7304cd03fc419448156cafa29c8e1219393b9beeea4c7b
SSDEEP

6144:4rzyIG8IcCnD5A2QdY8rWpau1CYUqfhYdMBg:KmlLnD5qdY8Fu1CYUehrBg

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.68

C2

31.41.244.200/games/category/index.php

Targets

- Target
  
  0x00090000000122ea-1068.dat
- Size
  
  228KB
- MD5
  
  d6b7bfaed247ac3d9668cd1af4e92fd0
- SHA1
  
  e0228189cc5aaee3be86c6e9e604b82b3e3b96a3
- SHA256
  
  8bff018ecf629fbcc40824596e7b1d693e4eb4540b1bb67c31ebe14a09ba927f
- SHA512
  
  d8263c2a6f42186be5a5461f73dcb8809a13e1dc1518abb864b2c920157e898d3becdfb538013f26dd7304cd03fc419448156cafa29c8e1219393b9beeea4c7b
- SSDEEP
  
  6144:4rzyIG8IcCnD5A2QdY8rWpau1CYUqfhYdMBg:KmlLnD5qdY8Fu1CYUehrBg
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2