amadey | 3d4c7a39d68ae568ba25cf285e300a60f988c43bd2567da2500ea8514db26c5f | Triage

Sharing

General

Target

0x0007000000013397-120.dat
Size

210KB
Sample

230610-atdrtadg94
MD5

00d3199bc94f3145bdfb1723fc97ee7e
SHA1

f2959ef726db22a9cbc0d974ef723ba25e254e15
SHA256

3d4c7a39d68ae568ba25cf285e300a60f988c43bd2567da2500ea8514db26c5f
SHA512

31ba31b9c1746c118bafa4c2556c1962ba9524d1f42ddf6c66ee8e5e56ff7bd0e0c7eed3cebbdd4ad81884d3c0ecdba40f5b598d3718fae69f370edcdef13c56
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x0007000000013397-120.dat
- Size
  
  210KB
- MD5
  
  00d3199bc94f3145bdfb1723fc97ee7e
- SHA1
  
  f2959ef726db22a9cbc0d974ef723ba25e254e15
- SHA256
  
  3d4c7a39d68ae568ba25cf285e300a60f988c43bd2567da2500ea8514db26c5f
- SHA512
  
  31ba31b9c1746c118bafa4c2556c1962ba9524d1f42ddf6c66ee8e5e56ff7bd0e0c7eed3cebbdd4ad81884d3c0ecdba40f5b598d3718fae69f370edcdef13c56
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2