amadey | dadf282ee7b15351f225505701d7bf8e54979311db53c0be6900fff58cb85a66 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x000600000002316d2443.dat
Size

230KB
Sample

230506-zarxrsbh76
MD5

72232a4429fdf6e0d43295ccd41223cc
SHA1

f2e479c6e50aee9866dc31135d546a9435723075
SHA256

dadf282ee7b15351f225505701d7bf8e54979311db53c0be6900fff58cb85a66
SHA512

fb92201d035121e2661f8d7db31c8ca3189d25172b0611bf2ab58cdb963405ad32ae003c851152d01f297ba4b6d56d1981d0dd3eb4e0d500dc838475b0c9cce3
SSDEEP

6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  0x000600000002316d2443.dat
- Size
  
  230KB
- MD5
  
  72232a4429fdf6e0d43295ccd41223cc
- SHA1
  
  f2e479c6e50aee9866dc31135d546a9435723075
- SHA256
  
  dadf282ee7b15351f225505701d7bf8e54979311db53c0be6900fff58cb85a66
- SHA512
  
  fb92201d035121e2661f8d7db31c8ca3189d25172b0611bf2ab58cdb963405ad32ae003c851152d01f297ba4b6d56d1981d0dd3eb4e0d500dc838475b0c9cce3
- SSDEEP
  
  6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2