amadey | 94cd0b10c1b09146e3a7413d6f5499b6fdbaa0d112fbaaa535204b7e3da344c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0x0006000000015ef9-80.dat
Size

335KB
Sample

230904-m56yysgb24
MD5

762434998b43c23827341ffa3fe3afe5
SHA1

9b9a5074ad2184e7ca5cb5dec87b651dd9f2ace2
SHA256

94cd0b10c1b09146e3a7413d6f5499b6fdbaa0d112fbaaa535204b7e3da344c2
SHA512

ec7dff3e7da322baedfe0598249fb5c96bd4ba3634c0a5cfcad1f889769f969ae3cc637084003678500e656699f48f635c6df286cf2452d920b16f74b7302678
SSDEEP

6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.87

C2

77.91.68.18/nice/index.php

Attributes

install_dir
b40d11255d
install_file
saves.exe
strings_key
fa622dfc42544927a6471829ee1fa9fe

rc4.plain

Targets

- Target
  
  0x0006000000015ef9-80.dat
- Size
  
  335KB
- MD5
  
  762434998b43c23827341ffa3fe3afe5
- SHA1
  
  9b9a5074ad2184e7ca5cb5dec87b651dd9f2ace2
- SHA256
  
  94cd0b10c1b09146e3a7413d6f5499b6fdbaa0d112fbaaa535204b7e3da344c2
- SHA512
  
  ec7dff3e7da322baedfe0598249fb5c96bd4ba3634c0a5cfcad1f889769f969ae3cc637084003678500e656699f48f635c6df286cf2452d920b16f74b7302678
- SSDEEP
  
  6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2