amadey | 51ea0a5196396acba14957e2661f59768b7f4b13992d451951918b4d2055ad9a | Triage

Sharing

General

Target

0x000800000001aedd-2430.dat
Size

230KB
Sample

230504-byn9sabe2s
MD5

55686b225145472377692046c4dd1cbe
SHA1

1094c273ac184f8b24a64a76dc50cea570eec381
SHA256

51ea0a5196396acba14957e2661f59768b7f4b13992d451951918b4d2055ad9a
SHA512

ce281b04510beaa5cd9b356635ecb29ab86f8165abb0eb3ea905053ef36a3be689f870e544d26e6092dc70b36321f11e2aedb5368de6bff2d63fe9dac0d6c0e0
SSDEEP

6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  0x000800000001aedd-2430.dat
- Size
  
  230KB
- MD5
  
  55686b225145472377692046c4dd1cbe
- SHA1
  
  1094c273ac184f8b24a64a76dc50cea570eec381
- SHA256
  
  51ea0a5196396acba14957e2661f59768b7f4b13992d451951918b4d2055ad9a
- SHA512
  
  ce281b04510beaa5cd9b356635ecb29ab86f8165abb0eb3ea905053ef36a3be689f870e544d26e6092dc70b36321f11e2aedb5368de6bff2d63fe9dac0d6c0e0
- SSDEEP
  
  6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2