amadey | 0a766a6f199b7b37b7a88f15cda3929ee5281ff5df12a3a8c6a9a1598610a7da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000015c4e-80.dat
Size

333KB
Sample

230903-mba97ahb5z
MD5

4c05ee7e00cb55075ef917b7eceb9cd1
SHA1

286d6ae38788409dd615077c0c3a96fb2d74984f
SHA256

0a766a6f199b7b37b7a88f15cda3929ee5281ff5df12a3a8c6a9a1598610a7da
SHA512

533e38ba5d883a2183bae17b0bda8fbba82bd41ab38f1ede460a8603275dfcb1973f89c5f81d33a6b6d35b1fe0d6aaecad9cff663a8eaa361091b57b25c2c1f9
SSDEEP

6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Attributes

install_dir
b40d11255d
install_file
saves.exe
strings_key
fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Targets

- Target
  
  0x0006000000015c4e-80.dat
- Size
  
  333KB
- MD5
  
  4c05ee7e00cb55075ef917b7eceb9cd1
- SHA1
  
  286d6ae38788409dd615077c0c3a96fb2d74984f
- SHA256
  
  0a766a6f199b7b37b7a88f15cda3929ee5281ff5df12a3a8c6a9a1598610a7da
- SHA512
  
  533e38ba5d883a2183bae17b0bda8fbba82bd41ab38f1ede460a8603275dfcb1973f89c5f81d33a6b6d35b1fe0d6aaecad9cff663a8eaa361091b57b25c2c1f9
- SSDEEP
  
  6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2