amadey | db6636e7dfe4ee4e594bfa6a64160d73f4f969f78c559adb2fc5e1ca7cc0bd6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000016d11-89.dat
Size

227KB
Sample

230803-kang1sde4w
MD5

f6e60debbaa2067a1ce490d70e7e3925
SHA1

f993d8e6b0c719d7a72b9a8a1813ec1990677477
SHA256

db6636e7dfe4ee4e594bfa6a64160d73f4f969f78c559adb2fc5e1ca7cc0bd6f
SHA512

47b363aedee86187a9aaaced298323457a2288f6ea92a94b1912bc919a78f780f989b8006616b0df371f1a03997df94063c9e55bcb4e7385dcfe7ae82cb8d086
SSDEEP

3072:svtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbAa:StV3euVz6rKyS3yHFHhuNcPKpwIK+

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

5.42.92.67/norm/index.php

Targets

- Target
  
  0x0006000000016d11-89.dat
- Size
  
  227KB
- MD5
  
  f6e60debbaa2067a1ce490d70e7e3925
- SHA1
  
  f993d8e6b0c719d7a72b9a8a1813ec1990677477
- SHA256
  
  db6636e7dfe4ee4e594bfa6a64160d73f4f969f78c559adb2fc5e1ca7cc0bd6f
- SHA512
  
  47b363aedee86187a9aaaced298323457a2288f6ea92a94b1912bc919a78f780f989b8006616b0df371f1a03997df94063c9e55bcb4e7385dcfe7ae82cb8d086
- SSDEEP
  
  3072:svtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbAa:StV3euVz6rKyS3yHFHhuNcPKpwIK+
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2