amadey | 55604d215db0a7ff3c22c56ddc9320c9ea9e0042fcae7bcde80d560c715e02e0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0x00040000...59.exe

windows7-x64

0x00040000...59.exe

windows10-2004-x64

Sharing

General

Target

0x00040000000186dc-59.dat
Size

219KB
Sample

231014-bspclahe5z
MD5

9eb6714332584787b5722a885f590c4a
SHA1

ecd3ec2a217b524a451d276bc16a96747a80804a
SHA256

55604d215db0a7ff3c22c56ddc9320c9ea9e0042fcae7bcde80d560c715e02e0
SHA512

5593eecbdf5068c67d9bfd200d7a26a8a8702e789a7cc712ef71f9a4bf2cbb7151bddf98c330cf50531f7d0822c8494bc9756dc3c06c1558e95417760d46f922
SSDEEP

6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2

Score

10^/10

amadey trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0x00040000000186dc-59.exe

Resource

win7-20230831-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0x00040000000186dc-59.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.68.52/mac/index.php

Attributes

install_dir
fefffe8cea
install_file
explonde.exe
strings_key
916aae73606d7a9e02a1d3b47c199688

rc4.plain

1
006700e5a2ab05704bbb0c589b88924d

Targets

- Target
  
  0x00040000000186dc-59.dat
- Size
  
  219KB
- MD5
  
  9eb6714332584787b5722a885f590c4a
- SHA1
  
  ecd3ec2a217b524a451d276bc16a96747a80804a
- SHA256
  
  55604d215db0a7ff3c22c56ddc9320c9ea9e0042fcae7bcde80d560c715e02e0
- SHA512
  
  5593eecbdf5068c67d9bfd200d7a26a8a8702e789a7cc712ef71f9a4bf2cbb7151bddf98c330cf50531f7d0822c8494bc9756dc3c06c1558e95417760d46f922
- SSDEEP
  
  6144:V7Vj3uVUn27+6qQx41QPF2nnugMeS2SpY:xwYfQx9FOnugMeS2
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.