amadey | 9cd61c9f15d24cf7aeeb74c78353daa96a75afb1610e5abaef79e5b777c84135 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

amadey4.bat
Size

3.3MB
Sample

230630-n6fntshf62
MD5

6d3bc827d3ee74ac36cfe4fa25b56af1
SHA1

09f618ed800b03879d2c545607d349e5998604c4
SHA256

9cd61c9f15d24cf7aeeb74c78353daa96a75afb1610e5abaef79e5b777c84135
SHA512

5157e218ff08a04412423ce9a9c16f891005d6b99bea640dd44c4afb3afd307d0931184f7336a3a6b83ea8dc47c3d4b3370f94915e580b3bc74e93cf6f0427f2
SSDEEP

49152:BfcVNUHb0wJxX2tdOVO/k2TKfVv5QaGI2JuRL7:l

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.84

C2

myserveur855.cc/folder966/index.php

Targets

- Target
  
  amadey4.bat
- Size
  
  3.3MB
- MD5
  
  6d3bc827d3ee74ac36cfe4fa25b56af1
- SHA1
  
  09f618ed800b03879d2c545607d349e5998604c4
- SHA256
  
  9cd61c9f15d24cf7aeeb74c78353daa96a75afb1610e5abaef79e5b777c84135
- SHA512
  
  5157e218ff08a04412423ce9a9c16f891005d6b99bea640dd44c4afb3afd307d0931184f7336a3a6b83ea8dc47c3d4b3370f94915e580b3bc74e93cf6f0427f2
- SSDEEP
  
  49152:BfcVNUHb0wJxX2tdOVO/k2TKfVv5QaGI2JuRL7:l
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2