amadey | e649b67f30c863fa4083b8bed1ed730ec0e6cee87219ce1da4d8b4c23132657c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b30459bc555a81cdc2ad77f26c99778d61b69d932ce6d794bda6efc083942239
Size

103KB
Sample

231011-hrh8hsgd5x
MD5

046a763a9e46efcf99d4320a308098d4
SHA1

e6254525921e717d2e12c2c46796369c28b6613c
SHA256

e649b67f30c863fa4083b8bed1ed730ec0e6cee87219ce1da4d8b4c23132657c
SHA512

2c969c46436890217862063c7e174eed5345d6e0fac25f785bb66fa2f529cedc3d4447864cac7abb2b2a327851c9becafbc2d4c9d620a48020d5d8705c7fff88
SSDEEP

3072:WLTzrHEDjomznpCacXyS+ZLRyy4c1m6J/X:WLXmD8hX8ZNyCm6xX

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688

rc4.plain

Targets

- Target
  
  b30459bc555a81cdc2ad77f26c99778d61b69d932ce6d794bda6efc083942239
- Size
  
  241KB
- MD5
  
  e0f914bab316aa50edc3cdec034edac7
- SHA1
  
  27b352c3c63a2ad09e332c53a4cdf54a17922cde
- SHA256
  
  b30459bc555a81cdc2ad77f26c99778d61b69d932ce6d794bda6efc083942239
- SHA512
  
  546f70d4e483d390de6e08138d8126a69057fb0916f427e22b2aba5d06200f35cb9e3e3b132eed6eda1600982d56bd5feb080d6e834d49794717837249c81418
- SSDEEP
  
  6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2