amadey | 1973ce7854429d38763a3e3b827b19a13622a1020fed7a23452434183107c327 | Triage

Sharing

General

Target

0x00070000000139fc-105.dat
Size

209KB
Sample

230609-a7n5psae86
MD5

28d89d8983577e1ce23c11e5990eb5fc
SHA1

bceb5e8e8f92da5c6144454824b254a745bc808e
SHA256

1973ce7854429d38763a3e3b827b19a13622a1020fed7a23452434183107c327
SHA512

c4faee63dc7731994ef07b700c83490826f1131e1299c15171a569231d3686bc13bbd0c89383169263a384d5652624582c5d5b1d16c477254e2bc0c2762b0b2b
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x00070000000139fc-105.dat
- Size
  
  209KB
- MD5
  
  28d89d8983577e1ce23c11e5990eb5fc
- SHA1
  
  bceb5e8e8f92da5c6144454824b254a745bc808e
- SHA256
  
  1973ce7854429d38763a3e3b827b19a13622a1020fed7a23452434183107c327
- SHA512
  
  c4faee63dc7731994ef07b700c83490826f1131e1299c15171a569231d3686bc13bbd0c89383169263a384d5652624582c5d5b1d16c477254e2bc0c2762b0b2b
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2