amadey | 5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

5514e5a91e...JC.exe

windows7-x64

5514e5a91e...JC.exe

windows10-2004-x64

Sharing

General

Target

5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862exe_JC.exe
Size

6.9MB
Sample

230803-w1kdtsfe36
MD5

57794b001e1e8c4917aaa864268fec36
SHA1

825e7a4c79f47d61df14a140398c2770ab22fb65
SHA256

5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862
SHA512

5854c92417a8ca5fb9423483000bf26bb6bba7c89c414512efc5189f416f6f074d965d20ef279488033d06ba09a31d253b8de80f198ccaa81e792c463d3bd0a2
SSDEEP

196608:gbJEeOGZPuknu4TNAzGx2tXuqIg1YJwPj:gbaElhDSus1YJwPj

Score

10^/10

amadey trojan vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862exe_JC.exe

Resource

win7-20230712-en

amadey trojan vmprotect

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862exe_JC.exe

Resource

win10v2004-20230703-en

amadey trojan vmprotect

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.85

C2

45.9.74.166/b7djSDcPcZ/index.php

45.9.74.141/b7djSDcPcZ/index.php

Targets

- Target
  
  5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862exe_JC.exe
- Size
  
  6.9MB
- MD5
  
  57794b001e1e8c4917aaa864268fec36
- SHA1
  
  825e7a4c79f47d61df14a140398c2770ab22fb65
- SHA256
  
  5514e5a91e4b192cae4f78fc9d4d10641704c3778d0fd418f305b081ba5b9862
- SHA512
  
  5854c92417a8ca5fb9423483000bf26bb6bba7c89c414512efc5189f416f6f074d965d20ef279488033d06ba09a31d253b8de80f198ccaa81e792c463d3bd0a2
- SSDEEP
  
  196608:gbJEeOGZPuknu4TNAzGx2tXuqIg1YJwPj:gbaElhDSus1YJwPj
Score

10^/10

amadey trojan vmprotect
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeytrojanvmprotect

behavioral2

amadeytrojanvmprotect

© 2018-2025

Terms | Privacy