amadey | f38bd46d84af78e8b3349ca47f1cf49c6c1dc68859b0e8293ef868b73759668d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7581746d53e48bb42c0771f39dd746f52eb40cef903b3d322b5dcc6810657320
Size

109KB
Sample

231013-pth4vshf4v
MD5

3a50324d46ee2366a04633260510284a
SHA1

dc9cca79f35a1240b29b5723f3a25b06971e5717
SHA256

f38bd46d84af78e8b3349ca47f1cf49c6c1dc68859b0e8293ef868b73759668d
SHA512

cc66fe25f83b311262c0765c84852aae73d46439a93b7993bbe0bdeebfad0822ddfde6b64ee052e14b8066ea2139dccb56ec90dba9bcf3e95f958156ecf8e0c2
SSDEEP

3072:ad9E3VA8jatPJDKe8Hy514h5ZMIDMkhA8:admj6hz6Nv

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes

install_dir
fefffe8cea
install_file
explothe.exe
strings_key
36a96139c1118a354edf72b1080d4b2f

rc4.plain

Targets

- Target
  
  7581746d53e48bb42c0771f39dd746f52eb40cef903b3d322b5dcc6810657320
- Size
  
  237KB
- MD5
  
  0858defe913e8bc73661e43b8e8025a8
- SHA1
  
  5280e944ed28bff40d9a1c780386e71790abc03d
- SHA256
  
  7581746d53e48bb42c0771f39dd746f52eb40cef903b3d322b5dcc6810657320
- SHA512
  
  f22d3bbd1745de577e17e6058514155577152d5538c12b5dc40a660f2b659718354a53a9efc572b344532bc94e1f07816dc576f4e7feebe50b6c0161c213a46c
- SSDEEP
  
  6144:LEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:LE32xpoaxBFg1ugMeS
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2