amadey | a4410a591163d42c1e3cd2ef599eb7533886cc7c9beb176e4975ac903fb20356 | Triage

Sharing

General

Target

0x0007000000013472-92.dat
Size

205KB
Sample

230610-ympgqsgd9v
MD5

57127977e248579604fe26cf6cb9d2a3
SHA1

5187a18f1edbf4cf8e5f3e2143c5b2b4546f10cd
SHA256

a4410a591163d42c1e3cd2ef599eb7533886cc7c9beb176e4975ac903fb20356
SHA512

85bcf9ae0dcab30e905dc7cf71e3fa67a7a92e27e5bd7ebf88c12fa4731a95b482bd97f8f6c47b8123d0f7ddd35a1db5fd903659871ee5b41260d93f65fd0d50
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x0007000000013472-92.dat
- Size
  
  205KB
- MD5
  
  57127977e248579604fe26cf6cb9d2a3
- SHA1
  
  5187a18f1edbf4cf8e5f3e2143c5b2b4546f10cd
- SHA256
  
  a4410a591163d42c1e3cd2ef599eb7533886cc7c9beb176e4975ac903fb20356
- SHA512
  
  85bcf9ae0dcab30e905dc7cf71e3fa67a7a92e27e5bd7ebf88c12fa4731a95b482bd97f8f6c47b8123d0f7ddd35a1db5fd903659871ee5b41260d93f65fd0d50
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2