amadey | 56de36e7a6759bcc4b288d6ef04f802b9dd2ae3ae2417fd842c5d0e8f34fc448 | Triage

Sharing

General

Target

0x0007000000016cef-84.dat
Size

227KB
Sample

230720-1pagpsbd7t
MD5

cd0a4e8768e6d3a4296de951ab949ab5
SHA1

47f6d7cc658e0888243a3c40f2d823162a756ef0
SHA256

56de36e7a6759bcc4b288d6ef04f802b9dd2ae3ae2417fd842c5d0e8f34fc448
SHA512

75a0f7c2e39f6e32c14c2814a4f615997f8f88c22ac9a6cde5fa4aab54466c89afd91ba5df6437073a98157519ab6b06e7cc9d9fc72af4b341042c6979873d9b
SSDEEP

3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Targets

- Target
  
  0x0007000000016cef-84.dat
- Size
  
  227KB
- MD5
  
  cd0a4e8768e6d3a4296de951ab949ab5
- SHA1
  
  47f6d7cc658e0888243a3c40f2d823162a756ef0
- SHA256
  
  56de36e7a6759bcc4b288d6ef04f802b9dd2ae3ae2417fd842c5d0e8f34fc448
- SHA512
  
  75a0f7c2e39f6e32c14c2814a4f615997f8f88c22ac9a6cde5fa4aab54466c89afd91ba5df6437073a98157519ab6b06e7cc9d9fc72af4b341042c6979873d9b
- SSDEEP
  
  3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2