amadey | 18be196caf3552afa4552edbe36a4ff57cb2a238952d9c559c172eddbb4eec7e | Triage

Sharing

General

Target

0x00080000000122d3-92.dat
Size

211KB
Sample

230611-aqm63sgh3x
MD5

424996a77b7295eb0f8b3439e328b95a
SHA1

321e78f5853a89d76b66c98b0d597d466eb64b88
SHA256

18be196caf3552afa4552edbe36a4ff57cb2a238952d9c559c172eddbb4eec7e
SHA512

bf84ed0364b4c7bead911f419f800454fc8ba25521cb01048b394ee80568fc132986fa58e6cd3504bb8eb95ea616d2b8a1e0e37479034b5f5e230ef7bd6eacd8
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x00080000000122d3-92.dat
- Size
  
  211KB
- MD5
  
  424996a77b7295eb0f8b3439e328b95a
- SHA1
  
  321e78f5853a89d76b66c98b0d597d466eb64b88
- SHA256
  
  18be196caf3552afa4552edbe36a4ff57cb2a238952d9c559c172eddbb4eec7e
- SHA512
  
  bf84ed0364b4c7bead911f419f800454fc8ba25521cb01048b394ee80568fc132986fa58e6cd3504bb8eb95ea616d2b8a1e0e37479034b5f5e230ef7bd6eacd8
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2