amadey | 9cce5e001cb0c3c53b99e0e2ee0ca6d152ce00da3977fbd1832e78b1a1955e33 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000016c97-86.dat
Size

228KB
Sample

230721-b969qscc6s
MD5

286d52fad8530353077731edaea3572f
SHA1

ec9d12cf52af27a87c476786937ae674119388d4
SHA256

9cce5e001cb0c3c53b99e0e2ee0ca6d152ce00da3977fbd1832e78b1a1955e33
SHA512

025218334ddf50b39db862a74dc50a435dae41709d482e9f7fb2537c28529eadd4a4ca00cc3c673db95471f2bb2aa955b9eedd6e0f0c8d0238372427ad36054b
SSDEEP

3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Targets

- Target
  
  0x0006000000016c97-86.dat
- Size
  
  228KB
- MD5
  
  286d52fad8530353077731edaea3572f
- SHA1
  
  ec9d12cf52af27a87c476786937ae674119388d4
- SHA256
  
  9cce5e001cb0c3c53b99e0e2ee0ca6d152ce00da3977fbd1832e78b1a1955e33
- SHA512
  
  025218334ddf50b39db862a74dc50a435dae41709d482e9f7fb2537c28529eadd4a4ca00cc3c673db95471f2bb2aa955b9eedd6e0f0c8d0238372427ad36054b
- SSDEEP
  
  3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2