amadey | e7b4dbcf1a91b391a25c3c553105f6fe4f06acda0ba617506dbf5a0bd7a17b8d | Triage

Sharing

General

Target

94cb4900add242e9bfbf9c8e50431018f2c5eb48a0d074100a19428dac5145e5
Size

103KB
Sample

231011-yhkmzshd9t
MD5

56c778c56cc95d78964445010fdb97de
SHA1

b077f1f61df12d1431e13dc8d5ea3ad06d63f1d7
SHA256

e7b4dbcf1a91b391a25c3c553105f6fe4f06acda0ba617506dbf5a0bd7a17b8d
SHA512

df3945bc55a53f9448e3cc8587aa2a9b052e49c874c836227779ec9f88d64cc6fe0f7528fbc55e9babb4377fc1b4fb259b8abdfb9c129873babaecc3b2732678
SSDEEP

3072:SLTzrHEDjomznpCacXyS+ZLRyy4c1m6J/x:SLXmD8hX8ZNyCm6xx

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688

rc4.plain

Targets

- Target
  
  94cb4900add242e9bfbf9c8e50431018f2c5eb48a0d074100a19428dac5145e5
- Size
  
  238KB
- MD5
  
  11528cc873ed72e010f233b70e945561
- SHA1
  
  6d25459f7d4efdd5f68077d2e67c0894ff4f61bf
- SHA256
  
  94cb4900add242e9bfbf9c8e50431018f2c5eb48a0d074100a19428dac5145e5
- SHA512
  
  2bdb38ed6b7ca4715424bc0331f14e20d99418dd6a8ebb55c7e0c90e87a9c3d361d34df60d7f81743592d7cf1cce48b6d74293fd1f092881a08127a362f75047
- SSDEEP
  
  6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2