amadey | 5cb128680b39d7fdcd19d7f103010191c5aeebe54742e88fdd0dab328482064c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0x00080000...78.exe

windows7-x64

0x00080000...78.exe

windows10-2004-x64

Sharing

General

Target

0x00080000000122ef-178.dat
Size

229KB
Sample

230503-ar85yaeh3s
MD5

d4ff1fbfe2e4d2739e5c862ce5ad0688
SHA1

b8cf627d6299bb6d79ff8b745c5e54f0b9046f6b
SHA256

5cb128680b39d7fdcd19d7f103010191c5aeebe54742e88fdd0dab328482064c
SHA512

537cece70995c092673e620f66bacec7bd841bfa0e19108dcca0514cbd6d54c7291d1ab54c053f962c9f28ba5a2e95c5ce712883ce3c664b08097e38f5972062
SSDEEP

6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

Score

10^/10

amadey trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x00080000000122ef-178.exe

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00080000000122ef-178.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  0x00080000000122ef-178.dat
- Size
  
  229KB
- MD5
  
  d4ff1fbfe2e4d2739e5c862ce5ad0688
- SHA1
  
  b8cf627d6299bb6d79ff8b745c5e54f0b9046f6b
- SHA256
  
  5cb128680b39d7fdcd19d7f103010191c5aeebe54742e88fdd0dab328482064c
- SHA512
  
  537cece70995c092673e620f66bacec7bd841bfa0e19108dcca0514cbd6d54c7291d1ab54c053f962c9f28ba5a2e95c5ce712883ce3c664b08097e38f5972062
- SSDEEP
  
  6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy