amadey | befbf207152240326513512a156bc14c069e860362117d6e1f5bcebcf804f612 | Triage

Sharing

General

Target

0x00090000000122d9-115.dat
Size

230KB
Sample

230506-qj7j5sbe8v
MD5

c3b8512a9c83a0dd98c74890014c6c7a
SHA1

f4ac730ecd331d88dfc9a19a7df3bf6fe95e8844
SHA256

befbf207152240326513512a156bc14c069e860362117d6e1f5bcebcf804f612
SHA512

7c07beff123703fa1a484662881b5b0f90fd49173403fd61587d47475401cba5af2a250d8ae1c02f4a10bf1aae90c8deb5b7c7170f0ea65aef86da5128307c98
SSDEEP

6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  0x00090000000122d9-115.dat
- Size
  
  230KB
- MD5
  
  c3b8512a9c83a0dd98c74890014c6c7a
- SHA1
  
  f4ac730ecd331d88dfc9a19a7df3bf6fe95e8844
- SHA256
  
  befbf207152240326513512a156bc14c069e860362117d6e1f5bcebcf804f612
- SHA512
  
  7c07beff123703fa1a484662881b5b0f90fd49173403fd61587d47475401cba5af2a250d8ae1c02f4a10bf1aae90c8deb5b7c7170f0ea65aef86da5128307c98
- SSDEEP
  
  6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2