amadey | 8e0ce2743cb2e2ce038b92ac7e4234a432279dcce4c892555b9440aa8b16265e | Triage

Sharing

General

Target

0x000a000000015dbc-87.dat
Size

228KB
Sample

230721-cjvcxsbf77
MD5

0709d929d383a7b7e0c0bc1b46c208f9
SHA1

c25f2c24b5e6a03116feb48832fe673927a4c347
SHA256

8e0ce2743cb2e2ce038b92ac7e4234a432279dcce4c892555b9440aa8b16265e
SHA512

92cde8147bf7dc9208261a2a1ce8c5536c28b710bc520afc5e9916920f8b9d1ba4c66b243e56a1a48c06df6c29280d76d3d5d8b2845cc158c2264b0df2b24029
SSDEEP

3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Targets

- Target
  
  0x000a000000015dbc-87.dat
- Size
  
  228KB
- MD5
  
  0709d929d383a7b7e0c0bc1b46c208f9
- SHA1
  
  c25f2c24b5e6a03116feb48832fe673927a4c347
- SHA256
  
  8e0ce2743cb2e2ce038b92ac7e4234a432279dcce4c892555b9440aa8b16265e
- SHA512
  
  92cde8147bf7dc9208261a2a1ce8c5536c28b710bc520afc5e9916920f8b9d1ba4c66b243e56a1a48c06df6c29280d76d3d5d8b2845cc158c2264b0df2b24029
- SSDEEP
  
  3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2