amadey | b33d443c698245e4bc317f864a0b449f339636650f27ca179822509c54587814 | Triage

Sharing

General

Target

5Xc93rC.exe
Size

246KB
Sample

231024-gwvlnsch78
MD5

1362df56b4c7e9888cdded986edc7386
SHA1

05f6ace97bf7e033fbffc0139cdf94b290537d74
SHA256

b33d443c698245e4bc317f864a0b449f339636650f27ca179822509c54587814
SHA512

999494b8ed053c6664ec2c46314284867a3a081b8d970c85fbd06fd2666a9823e67ab3b2d47c83ce6c41a66b71470e4c245dde26166116a799c37ef7f48ab487
SSDEEP

6144:LEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:LE32xpoaxBFg1ugMeS

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes

install_dir
fefffe8cea
install_file
explothe.exe
strings_key
36a96139c1118a354edf72b1080d4b2f

rc4.plain

Targets

- Target
  
  5Xc93rC.exe
- Size
  
  246KB
- MD5
  
  1362df56b4c7e9888cdded986edc7386
- SHA1
  
  05f6ace97bf7e033fbffc0139cdf94b290537d74
- SHA256
  
  b33d443c698245e4bc317f864a0b449f339636650f27ca179822509c54587814
- SHA512
  
  999494b8ed053c6664ec2c46314284867a3a081b8d970c85fbd06fd2666a9823e67ab3b2d47c83ce6c41a66b71470e4c245dde26166116a799c37ef7f48ab487
- SSDEEP
  
  6144:LEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:LE32xpoaxBFg1ugMeS
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2