amadey | 11f92e94779bb92b48a6ce6b0f12e262b931ff2d8f1eeb6000d708b5f3059abb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a360a5318a93a25cffac26e52.exe
Size

210KB
Sample

230710-qzdl1aag53
MD5

a360a5318a93a25cffac26e520664aa0
SHA1

cd5a0b59554767b3d4433fe9b5771352309bd10b
SHA256

11f92e94779bb92b48a6ce6b0f12e262b931ff2d8f1eeb6000d708b5f3059abb
SHA512

976d7d1001c26230e825e087e9f0edf6cf82d3ec0c2fd99667b05eb80729c3c2a5e1b45c3327f84c6283c23bfab1c0e93663c90d4a506c11bdcb34ef0f4c72dc
SSDEEP

3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.81

C2

77.91.124.20/store/games/index.php

Targets

- Target
  
  a360a5318a93a25cffac26e52.exe
- Size
  
  210KB
- MD5
  
  a360a5318a93a25cffac26e520664aa0
- SHA1
  
  cd5a0b59554767b3d4433fe9b5771352309bd10b
- SHA256
  
  11f92e94779bb92b48a6ce6b0f12e262b931ff2d8f1eeb6000d708b5f3059abb
- SHA512
  
  976d7d1001c26230e825e087e9f0edf6cf82d3ec0c2fd99667b05eb80729c3c2a5e1b45c3327f84c6283c23bfab1c0e93663c90d4a506c11bdcb34ef0f4c72dc
- SSDEEP
  
  3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2