amadey | 0dacc460376771286129c8da21b215624b8f257c1378b64b22881d9eb1d60d2a | Triage

Sharing

General

Target

0x00070000000126c9-92.dat
Size

210KB
Sample

230609-fpclvaba48
MD5

7819be097401ffe466340ec847c84dd9
SHA1

31dbd2a4307ce1d3ef947f15cf3c87cf81dd8229
SHA256

0dacc460376771286129c8da21b215624b8f257c1378b64b22881d9eb1d60d2a
SHA512

99f762c16590059c2c65edaadd68a07d6468d0a910768819b4696cdf149bf86d008c7c825bc3b1f6ebf64ec8371e8be65a2bb463a3adf330a82fa8a8a2dc62a4
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x00070000000126c9-92.dat
- Size
  
  210KB
- MD5
  
  7819be097401ffe466340ec847c84dd9
- SHA1
  
  31dbd2a4307ce1d3ef947f15cf3c87cf81dd8229
- SHA256
  
  0dacc460376771286129c8da21b215624b8f257c1378b64b22881d9eb1d60d2a
- SHA512
  
  99f762c16590059c2c65edaadd68a07d6468d0a910768819b4696cdf149bf86d008c7c825bc3b1f6ebf64ec8371e8be65a2bb463a3adf330a82fa8a8a2dc62a4
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2