amadey | 1993d56acb6625090a7cb3bf282e4a887a91bd90431df1bc88a873abf71e7c7b | Triage

Sharing

General

Target

m9494376.exe
Size

313KB
Sample

230817-eq62eafb78
MD5

69b27fe3308bebb904ae9c80c0745ae3
SHA1

53ab89c8f91f8ece4916747db74b4d22ef6cef95
SHA256

1993d56acb6625090a7cb3bf282e4a887a91bd90431df1bc88a873abf71e7c7b
SHA512

e4f6d3a2dee21fd4f225df212a64d4fbdb027d3e4e1f00c6c0312dfb7dfa18309ba2b2cdf7f5f8f38bf15ee66374354cf5a26cf4896e3551d47339bf9174fb70
SSDEEP

6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8BqN:Sfm5BB7kpi2k/ae6u17pa8BqN

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

S-%lu-

C2

77.91.68.18/nice/index.php

3.87/nice/index.php

Targets

- Target
  
  m9494376.exe
- Size
  
  313KB
- MD5
  
  69b27fe3308bebb904ae9c80c0745ae3
- SHA1
  
  53ab89c8f91f8ece4916747db74b4d22ef6cef95
- SHA256
  
  1993d56acb6625090a7cb3bf282e4a887a91bd90431df1bc88a873abf71e7c7b
- SHA512
  
  e4f6d3a2dee21fd4f225df212a64d4fbdb027d3e4e1f00c6c0312dfb7dfa18309ba2b2cdf7f5f8f38bf15ee66374354cf5a26cf4896e3551d47339bf9174fb70
- SSDEEP
  
  6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8BqN:Sfm5BB7kpi2k/ae6u17pa8BqN
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2