amadey | 55604d215db0a7ff3c22c56ddc9320c9ea9e0042fcae7bcde80d560c715e02e0 | Triage

Sharing

General

Target

0x00040000000186dc-59.dat
Size

219KB
Sample

231014-bspclahe5z
MD5

9eb6714332584787b5722a885f590c4a
SHA1

ecd3ec2a217b524a451d276bc16a96747a80804a
SHA256

55604d215db0a7ff3c22c56ddc9320c9ea9e0042fcae7bcde80d560c715e02e0
SHA512

5593eecbdf5068c67d9bfd200d7a26a8a8702e789a7cc712ef71f9a4bf2cbb7151bddf98c330cf50531f7d0822c8494bc9756dc3c06c1558e95417760d46f922
SSDEEP

6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688

rc4.plain

Targets

- Target
  
  0x00040000000186dc-59.dat
- Size
  
  219KB
- MD5
  
  9eb6714332584787b5722a885f590c4a
- SHA1
  
  ecd3ec2a217b524a451d276bc16a96747a80804a
- SHA256
  
  55604d215db0a7ff3c22c56ddc9320c9ea9e0042fcae7bcde80d560c715e02e0
- SHA512
  
  5593eecbdf5068c67d9bfd200d7a26a8a8702e789a7cc712ef71f9a4bf2cbb7151bddf98c330cf50531f7d0822c8494bc9756dc3c06c1558e95417760d46f922
- SSDEEP
  
  6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2