amadey | 59dd12e99498a9efdfde09d8534e1015063d9d4d75cfd894f44566b49f622fdd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0009000000015616-86.dat
Size

227KB
Sample

230722-k16fhsad94
MD5

700dcc0d12862ca074831faf0ac37cdb
SHA1

c87bb3ce26ea2018f53a82893a1bb628bda47573
SHA256

59dd12e99498a9efdfde09d8534e1015063d9d4d75cfd894f44566b49f622fdd
SHA512

3ed845e23eb9483daa66861ddfb88cfdd7434bb518a11880afa84c5eb61ca8cce3bdc6e246ab5d4312a8c3113be79caf4708e2618eb6eb9665f2136f98ee59e5
SSDEEP

3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.85

C2

77.91.68.3/home/love/index.php

Targets

- Target
  
  0x0009000000015616-86.dat
- Size
  
  227KB
- MD5
  
  700dcc0d12862ca074831faf0ac37cdb
- SHA1
  
  c87bb3ce26ea2018f53a82893a1bb628bda47573
- SHA256
  
  59dd12e99498a9efdfde09d8534e1015063d9d4d75cfd894f44566b49f622fdd
- SHA512
  
  3ed845e23eb9483daa66861ddfb88cfdd7434bb518a11880afa84c5eb61ca8cce3bdc6e246ab5d4312a8c3113be79caf4708e2618eb6eb9665f2136f98ee59e5
- SSDEEP
  
  3072:oTzC4usLP+wOULUFAB3i9nyRA4/Prk3huiPFSbuZRuNcZVKOUm8LHIMbffWtsm3:oTzYsLdf/Rity237PFHRuNcPKOK3+
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2