amadey | 903b6873aa90db9927e799cc735ac702ded5284de209b5d24a685c6e07c4fe05 | Triage

Sharing

General

Target

0x0007000000013316-92.dat
Size

209KB
Sample

230610-aw9bhadg98
MD5

0a99a45a350f6b7e2f6f189e7ac1fae9
SHA1

2b67408ed0f3bf441814fe533c2532397570ace9
SHA256

903b6873aa90db9927e799cc735ac702ded5284de209b5d24a685c6e07c4fe05
SHA512

e204aaba93563786d88411c1734fda0eda0b1b0cc425cb2fae8fbff36911e4b78e584aa119708eabc08fad9644cbe1f6c1516de093cd5018492d4ba3aa5ef837
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x0007000000013316-92.dat
- Size
  
  209KB
- MD5
  
  0a99a45a350f6b7e2f6f189e7ac1fae9
- SHA1
  
  2b67408ed0f3bf441814fe533c2532397570ace9
- SHA256
  
  903b6873aa90db9927e799cc735ac702ded5284de209b5d24a685c6e07c4fe05
- SHA512
  
  e204aaba93563786d88411c1734fda0eda0b1b0cc425cb2fae8fbff36911e4b78e584aa119708eabc08fad9644cbe1f6c1516de093cd5018492d4ba3aa5ef837
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2