amadey | c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7 | Triage

Sharing

General

Target

c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7
Size

2.3MB
Sample

230816-fe7n8shc71
MD5

aa486e83365ae67a5778758685ca4d6f
SHA1

633e328f5deb9c09e99368fa25f6deca4a601bbb
SHA256

c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7
SHA512

e16ef48515eccea7dcb27521027785e9a42ec9d8c76af86f598be363998453f3a71e976bb9ac38caf0751286c41f443cd3a3fad0507f4eedd1d7affeb4734dfd
SSDEEP

24576:hH1FcclmgReLIGaIhJxSJ2lKZZAsKQ7F1RBdaBZZR0DBfg92KVOikDlbnJ6dT17x:DlbKxF8qg11A1o6Xqm

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

45.9.74.182/b7djSDcPcZ/index.php

Targets

- Target
  
  c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7
- Size
  
  2.3MB
- MD5
  
  aa486e83365ae67a5778758685ca4d6f
- SHA1
  
  633e328f5deb9c09e99368fa25f6deca4a601bbb
- SHA256
  
  c010da0b5ee5ca9b8d48491d007af10e5b80f6d7950145e1cf81a195c19836d7
- SHA512
  
  e16ef48515eccea7dcb27521027785e9a42ec9d8c76af86f598be363998453f3a71e976bb9ac38caf0751286c41f443cd3a3fad0507f4eedd1d7affeb4734dfd
- SSDEEP
  
  24576:hH1FcclmgReLIGaIhJxSJ2lKZZAsKQ7F1RBdaBZZR0DBfg92KVOikDlbnJ6dT17x:DlbKxF8qg11A1o6Xqm
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Drops startup file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2