amadey | a34f839bc5a58907aedaac2cd9446f13754989ba7b70b7650276f561af9eb630 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x000600000002312e-188.dat
Size

231KB
Sample

230508-kjrwsshg47
MD5

4dc3b0187faf7d70bec7dc0dbfe7f6d3
SHA1

d3213f34a8a89f2a7d3d36082ca8ebdbac1aca10
SHA256

a34f839bc5a58907aedaac2cd9446f13754989ba7b70b7650276f561af9eb630
SHA512

424cde74e9a190686b7209d13e992d0f8423382405ee9c8bf9de751dc974d83bd9f135658200fe801eee936f5e73c4a37ea21dab26236e261fed70e882a8ed03
SSDEEP

6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.70

C2

212.113.119.255/joomla/index.php

Targets

- Target
  
  0x000600000002312e-188.dat
- Size
  
  231KB
- MD5
  
  4dc3b0187faf7d70bec7dc0dbfe7f6d3
- SHA1
  
  d3213f34a8a89f2a7d3d36082ca8ebdbac1aca10
- SHA256
  
  a34f839bc5a58907aedaac2cd9446f13754989ba7b70b7650276f561af9eb630
- SHA512
  
  424cde74e9a190686b7209d13e992d0f8423382405ee9c8bf9de751dc974d83bd9f135658200fe801eee936f5e73c4a37ea21dab26236e261fed70e882a8ed03
- SSDEEP
  
  6144:mKVNIG75NpcElElt/DgK1yuFShFBr2D+:/5KE6LguFS7BB
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2