amadey | 2a40373ae4688abc43698d24dc63b9f2a079cbb71a9bca4f90e23dd9be573364 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x000800000001235f-92.dat
Size

205KB
Sample

230614-rev6zsaa61
MD5

2425b77a718e305dc30869618074ac44
SHA1

49af371aad990f5d138dce055450061994d9a367
SHA256

2a40373ae4688abc43698d24dc63b9f2a079cbb71a9bca4f90e23dd9be573364
SHA512

127c8747539ed9213cc4a1bb256f91371c349918be6abf9b02000c502901a0334a22edde6c6114e0e847d45a3ab6590d51d735ebe60086fd9d5f19ad6d3cabbb
SSDEEP

3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

- Target
  
  0x000800000001235f-92.dat
- Size
  
  205KB
- MD5
  
  2425b77a718e305dc30869618074ac44
- SHA1
  
  49af371aad990f5d138dce055450061994d9a367
- SHA256
  
  2a40373ae4688abc43698d24dc63b9f2a079cbb71a9bca4f90e23dd9be573364
- SHA512
  
  127c8747539ed9213cc4a1bb256f91371c349918be6abf9b02000c502901a0334a22edde6c6114e0e847d45a3ab6590d51d735ebe60086fd9d5f19ad6d3cabbb
- SSDEEP
  
  3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2