amadey | 8f8fc01ff9ba7d91ca5667e217b2841d3846f185da65b9d2c3fc8482717aae34 | Triage

Sharing

General

Target

0x0007000000013a0c-179.dat
Size

229KB
Sample

230503-asc4wsdb26
MD5

d63b8a410ef0c66c4c89dc56271cd296
SHA1

673cea0af1de74b40a5793d4e9fb6a8a765a23a4
SHA256

8f8fc01ff9ba7d91ca5667e217b2841d3846f185da65b9d2c3fc8482717aae34
SHA512

a2013d902ea74ea2cddb6889d7f01eef572a6a505de2b89cfeb60bd061e6b0c4275cf26c33a11d14a76d7472d3267396c1baa2fe43c7aecdcbee5c2bf3bc03e0
SSDEEP

6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  0x0007000000013a0c-179.dat
- Size
  
  229KB
- MD5
  
  d63b8a410ef0c66c4c89dc56271cd296
- SHA1
  
  673cea0af1de74b40a5793d4e9fb6a8a765a23a4
- SHA256
  
  8f8fc01ff9ba7d91ca5667e217b2841d3846f185da65b9d2c3fc8482717aae34
- SHA512
  
  a2013d902ea74ea2cddb6889d7f01eef572a6a505de2b89cfeb60bd061e6b0c4275cf26c33a11d14a76d7472d3267396c1baa2fe43c7aecdcbee5c2bf3bc03e0
- SSDEEP
  
  6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2