amadey | de523132af9ac7e193660a0d5d1e220efd75974a7945910e7ce298204f428541 | Triage

Sharing

General

Target

0x00080000000122dc-121.dat
Size

205KB
Sample

230611-azxrwagb55
MD5

1f7bb558c775ad5a97243e8c22918ca4
SHA1

c34140fa4efd58718488ae548cb82491e0f7e128
SHA256

de523132af9ac7e193660a0d5d1e220efd75974a7945910e7ce298204f428541
SHA512

8e7767d2da7b8aa1de8fb6d22e49b41985d5128749c4d9efbc29e3c4c84dd05dab9da0d550b7d4b0ba1cbafcca341e73e6b7e82d5f4ace1cb91ee84774a57072
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x00080000000122dc-121.dat
- Size
  
  205KB
- MD5
  
  1f7bb558c775ad5a97243e8c22918ca4
- SHA1
  
  c34140fa4efd58718488ae548cb82491e0f7e128
- SHA256
  
  de523132af9ac7e193660a0d5d1e220efd75974a7945910e7ce298204f428541
- SHA512
  
  8e7767d2da7b8aa1de8fb6d22e49b41985d5128749c4d9efbc29e3c4c84dd05dab9da0d550b7d4b0ba1cbafcca341e73e6b7e82d5f4ace1cb91ee84774a57072
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2