amadey | 74a7e002e7bc3aa7cf8bdf70189ee41215d85faa43070c837129dcb0e0d55ca9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

si929359.exe
Size

395KB
Sample

230415-2cfcvshe7w
MD5

d0f6446729649ac0ed8a001b2935db90
SHA1

acb4e10b42c73a85f16fc337305e40d3b1622b28
SHA256

74a7e002e7bc3aa7cf8bdf70189ee41215d85faa43070c837129dcb0e0d55ca9
SHA512

8e3de4ad2164f8eb3cc00007f7ff54f9fd8ff8ef2a42ba67b40eb0347747d11ddadb51e7530d637bc107c9513b1df65e895ef7eaf6622d09554b27d6c05d5c0e
SSDEEP

6144:/VIWoyE/hsOX8wVyJ5FYUlzTBxHpMLIWvihkOdFLDLCybbsyt:/VI/yeh1X8XJ5eUlzT3AMhfDLCob

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

193.201.9.43/plays/chapter/index.php

Targets

- Target
  
  si929359.exe
- Size
  
  395KB
- MD5
  
  d0f6446729649ac0ed8a001b2935db90
- SHA1
  
  acb4e10b42c73a85f16fc337305e40d3b1622b28
- SHA256
  
  74a7e002e7bc3aa7cf8bdf70189ee41215d85faa43070c837129dcb0e0d55ca9
- SHA512
  
  8e3de4ad2164f8eb3cc00007f7ff54f9fd8ff8ef2a42ba67b40eb0347747d11ddadb51e7530d637bc107c9513b1df65e895ef7eaf6622d09554b27d6c05d5c0e
- SSDEEP
  
  6144:/VIWoyE/hsOX8wVyJ5FYUlzTBxHpMLIWvihkOdFLDLCybbsyt:/VI/yeh1X8XJ5eUlzT3AMhfDLCob
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2