amadey | 1de852bd90636a3d75a91ce249d5ae4a777d04064847e404295ac0bb647b4687 | Triage

Sharing

General

Target

amadey_v2.bin
Size

188KB
Sample

230510-pxdnjsga53
MD5

361cad979b8efd8a32647efef5ea08b3
SHA1

bdcde6402e9b7d6ea3ba7def710c5f68c4bbab46
SHA256

1de852bd90636a3d75a91ce249d5ae4a777d04064847e404295ac0bb647b4687
SHA512

fa77906df9c98308feffbb0d12b228fb13341a1253bb90b82248a34c04eb5c81b3dfbc9724514ed8b1226e1a89c07ad07dfd8f08758c2ae423fc124e92c1275c
SSDEEP

3072:+QCFPNk72p7iLtBX6XNs8Bt747erjuKGZqpRMWZBQAMbmn:+QCFPtp7i5BKXnP7puKGWoe

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

2.08

C2

45.155.205.65/b1a5gkSc2/index.php

Targets

- Target
  
  amadey_v2.bin
- Size
  
  188KB
- MD5
  
  361cad979b8efd8a32647efef5ea08b3
- SHA1
  
  bdcde6402e9b7d6ea3ba7def710c5f68c4bbab46
- SHA256
  
  1de852bd90636a3d75a91ce249d5ae4a777d04064847e404295ac0bb647b4687
- SHA512
  
  fa77906df9c98308feffbb0d12b228fb13341a1253bb90b82248a34c04eb5c81b3dfbc9724514ed8b1226e1a89c07ad07dfd8f08758c2ae423fc124e92c1275c
- SSDEEP
  
  3072:+QCFPNk72p7iLtBX6XNs8Bt747erjuKGZqpRMWZBQAMbmn:+QCFPtp7i5BKXnP7puKGWoe
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2