amadey | 0c3974145ec2fb265b6046176308a2273428a268550cdc4492c71d5e76781bfb | Triage

Sharing

General

Target

0x00070000000132ee-92.dat
Size

205KB
Sample

230615-ggte3aeg71
MD5

81e8ccb695302c1b6789bd993db4f059
SHA1

887eea9afc86b612bcc3d64114da3884cbf4baee
SHA256

0c3974145ec2fb265b6046176308a2273428a268550cdc4492c71d5e76781bfb
SHA512

b84c4693500a755bb4ae075dbab4da19166117e853387ae568c6bc752cae36fef150134e637b88a1bbe1975ec5a8234fc26b8071be91b984076eb561bd7b9958
SSDEEP

3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.84

C2

77.91.68.63/doma/net/index.php

Targets

- Target
  
  0x00070000000132ee-92.dat
- Size
  
  205KB
- MD5
  
  81e8ccb695302c1b6789bd993db4f059
- SHA1
  
  887eea9afc86b612bcc3d64114da3884cbf4baee
- SHA256
  
  0c3974145ec2fb265b6046176308a2273428a268550cdc4492c71d5e76781bfb
- SHA512
  
  b84c4693500a755bb4ae075dbab4da19166117e853387ae568c6bc752cae36fef150134e637b88a1bbe1975ec5a8234fc26b8071be91b984076eb561bd7b9958
- SSDEEP
  
  3072:CXkSckkHbzG1iXAt60p0zuNmnKG7peNMQbuZAIOb2y3xfbT:8kSDAzG1iciuInRexuZAIKj
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2