amadey | 6430fc1c0ee7a3f739ce36caf0a20bef80a8dc67d9fa2fc06a8c24b00d6d2492 | Triage

Sharing

General

Target

0x00080000000122ec-137.dat
Size

210KB
Sample

230609-kdaqbsbf53
MD5

28e39d940e186e111f8b7e5139e1227e
SHA1

7f8efbd96c63dc176fe1d0dc3e379a3aa911b4d9
SHA256

6430fc1c0ee7a3f739ce36caf0a20bef80a8dc67d9fa2fc06a8c24b00d6d2492
SHA512

651f0046a56cde9f47510135d2d8340cc315029e2012eba872b7eab67d8b67b12b94351595f85bcd39e3f5eb3bf186909f3a83942b04b734e456ae9e2ededd33
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x00080000000122ec-137.dat
- Size
  
  210KB
- MD5
  
  28e39d940e186e111f8b7e5139e1227e
- SHA1
  
  7f8efbd96c63dc176fe1d0dc3e379a3aa911b4d9
- SHA256
  
  6430fc1c0ee7a3f739ce36caf0a20bef80a8dc67d9fa2fc06a8c24b00d6d2492
- SHA512
  
  651f0046a56cde9f47510135d2d8340cc315029e2012eba872b7eab67d8b67b12b94351595f85bcd39e3f5eb3bf186909f3a83942b04b734e456ae9e2ededd33
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2