amadey | 96897d2d77f0d1a2f6d61484ee8ce4e3f7fc57dc022787a063729c2662cf5cd0 | Triage

Sharing

General

Target

0x0006000000014497-127.dat
Size

205KB
Sample

230614-lghqsafg3w
MD5

2e31cbfc8785719deac9dd4df4fddf3f
SHA1

8d294463d723cca86cf6483d8e8ece73a4f42fa4
SHA256

96897d2d77f0d1a2f6d61484ee8ce4e3f7fc57dc022787a063729c2662cf5cd0
SHA512

0478c53bd24c762d126ca527f9fa3f514e66725935a55ad5160daa1a8b2e865132560313d911d51db766150c7bfbecfba223a21f11870873f6aa590dd92f96b3
SSDEEP

3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.83

C2

77.91.68.30/music/rock/index.php

Targets

- Target
  
  0x0006000000014497-127.dat
- Size
  
  205KB
- MD5
  
  2e31cbfc8785719deac9dd4df4fddf3f
- SHA1
  
  8d294463d723cca86cf6483d8e8ece73a4f42fa4
- SHA256
  
  96897d2d77f0d1a2f6d61484ee8ce4e3f7fc57dc022787a063729c2662cf5cd0
- SHA512
  
  0478c53bd24c762d126ca527f9fa3f514e66725935a55ad5160daa1a8b2e865132560313d911d51db766150c7bfbecfba223a21f11870873f6aa590dd92f96b3
- SSDEEP
  
  3072:H/DmgskHbfHN+Pst60p0zuNmnKG7peNMQbuZAIqbey3lfbi:fDmfAfHN+wiuInRexuZAIij
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2