amadey | b883cbda86d6f8cf0281b79686e1751e9763b71ff4d2af0cd2f7030feeea2662 | Triage

Sharing

General

Target

0x0006000000014720-122.dat
Size

211KB
Sample

230611-ajrkxsgh2x
MD5

9735f362faf2d822fe51741f203b5fa4
SHA1

a5d983a143c4be0b598f94853e5b752f1b0475b3
SHA256

b883cbda86d6f8cf0281b79686e1751e9763b71ff4d2af0cd2f7030feeea2662
SHA512

f46182cdb37af166f1a6eb7ffbbbf5be007eed62ebe8f497471d393cdfffa4306f105925934abec55bc1f962ba1196ea50107252fc5e2e0e8fe3e2f63ae4b2c7
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x0006000000014720-122.dat
- Size
  
  211KB
- MD5
  
  9735f362faf2d822fe51741f203b5fa4
- SHA1
  
  a5d983a143c4be0b598f94853e5b752f1b0475b3
- SHA256
  
  b883cbda86d6f8cf0281b79686e1751e9763b71ff4d2af0cd2f7030feeea2662
- SHA512
  
  f46182cdb37af166f1a6eb7ffbbbf5be007eed62ebe8f497471d393cdfffa4306f105925934abec55bc1f962ba1196ea50107252fc5e2e0e8fe3e2f63ae4b2c7
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2