amadey | a2e34408cfac3c533926687677999b012459602a8f1078fbd72352990cdffd90 | Triage

Sharing

General

Target

c3f84229638feb29c56f2866fb5d143cc06baabeb44ac2c7682464d017339a4e
Size

103KB
Sample

231011-rp8vtsch4x
MD5

b340edd8463df6df5491396bd3aa386c
SHA1

737396a16d5a4e8c415a174bfcd87983432cb4c4
SHA256

a2e34408cfac3c533926687677999b012459602a8f1078fbd72352990cdffd90
SHA512

66d7beb7aba9fedfb1b04dc4bc192322b316ff2d1b9fa57b31a8ab30a1698d4694fb4754069a3c266b572f3ce3144ae13cfa156289a52a1ef2dbc5e56abef96d
SSDEEP

3072:pLTzrHEDjomznpCacXyS+ZLRyy4c1m6J/Y:pLXmD8hX8ZNyCm6xY

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688

rc4.plain

Targets

- Target
  
  c3f84229638feb29c56f2866fb5d143cc06baabeb44ac2c7682464d017339a4e
- Size
  
  239KB
- MD5
  
  31338f428fbfca51e7492c8616a39a55
- SHA1
  
  e81a26285f7fa5d6a0b06c3dccca5339435fe5ea
- SHA256
  
  c3f84229638feb29c56f2866fb5d143cc06baabeb44ac2c7682464d017339a4e
- SHA512
  
  eb5203eb52f7b8f3a1d172a190110713853643812724302b1549c1e63535b73f74237a83a530eb7063130a32521209e8319f1116311934bb65258e6582fe0e81
- SSDEEP
  
  6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2