amadey | f79945c9617fcdbf6d813e2af995550ef820dbc92013d22cb3e48c6cc733c1a1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000023211-166.dat
Size

230KB
Sample

230818-3qmvjafb92
MD5

7330ca9da317e5617c4ff4838142ac20
SHA1

09f570bff0298fb80f6d95717a0971ae55829f60
SHA256

f79945c9617fcdbf6d813e2af995550ef820dbc92013d22cb3e48c6cc733c1a1
SHA512

a5cc45fe09dfbd298eabd6a9b69e464f0693ebdd4ff8b28a4b579fec7eaa73774b66e3ea22d4667c129d15e7399802bf0f5bdc3c4ef30713753e52c61d472c39
SSDEEP

3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.86

C2

77.91.68.61/rock/index.php

Targets

- Target
  
  0x0006000000023211-166.dat
- Size
  
  230KB
- MD5
  
  7330ca9da317e5617c4ff4838142ac20
- SHA1
  
  09f570bff0298fb80f6d95717a0971ae55829f60
- SHA256
  
  f79945c9617fcdbf6d813e2af995550ef820dbc92013d22cb3e48c6cc733c1a1
- SHA512
  
  a5cc45fe09dfbd298eabd6a9b69e464f0693ebdd4ff8b28a4b579fec7eaa73774b66e3ea22d4667c129d15e7399802bf0f5bdc3c4ef30713753e52c61d472c39
- SSDEEP
  
  3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2