amadey | f85ac9b305875f0981c04c50a7771c43741ed5a1c43511567f12a94b2c91dd19 | Triage

Sharing

General

Target

0x00070000000139ea-92.dat
Size

210KB
Sample

230609-e26vsabf9t
MD5

6618942dce4c2f381799cf8fa5a71302
SHA1

5ba7abe9e3611f1b0eae4ec2a5193fb8b385e4b7
SHA256

f85ac9b305875f0981c04c50a7771c43741ed5a1c43511567f12a94b2c91dd19
SHA512

9cbce0718b194ec477778076c2f807b41697cc5dd640e7447b23cae80d749df2ea57732d42d6500eda9bb2cc1d444987b2db3fc5acd57b69cfad1337ee7270fb
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x00070000000139ea-92.dat
- Size
  
  210KB
- MD5
  
  6618942dce4c2f381799cf8fa5a71302
- SHA1
  
  5ba7abe9e3611f1b0eae4ec2a5193fb8b385e4b7
- SHA256
  
  f85ac9b305875f0981c04c50a7771c43741ed5a1c43511567f12a94b2c91dd19
- SHA512
  
  9cbce0718b194ec477778076c2f807b41697cc5dd640e7447b23cae80d749df2ea57732d42d6500eda9bb2cc1d444987b2db3fc5acd57b69cfad1337ee7270fb
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2