amadey | 35937f30394331205ac6c7cedc174e495610d366af221c93572a4cf30445b507 | Triage

Sharing

General

Target

0x0006000000022da3-66.dat
Size

220KB
Sample

231029-vsfv1aad49
MD5

d7414deed28382ac271a868d929d0ea8
SHA1

3c59660bd79612724f482b7a682ff87d54a3fb1c
SHA256

35937f30394331205ac6c7cedc174e495610d366af221c93572a4cf30445b507
SHA512

0c5fd3ba3829d56a6241390d124548deaaaaba27baad692fbf1ef766e786b0e35f947af752df8c8abe5de15742982a62034911ff67eb6943fa6cc4a3d302c354
SSDEEP

6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes

install_dir
fefffe8cea
install_file
explothe.exe
strings_key
36a96139c1118a354edf72b1080d4b2f

rc4.plain

Targets

- Target
  
  0x0006000000022da3-66.dat
- Size
  
  220KB
- MD5
  
  d7414deed28382ac271a868d929d0ea8
- SHA1
  
  3c59660bd79612724f482b7a682ff87d54a3fb1c
- SHA256
  
  35937f30394331205ac6c7cedc174e495610d366af221c93572a4cf30445b507
- SHA512
  
  0c5fd3ba3829d56a6241390d124548deaaaaba27baad692fbf1ef766e786b0e35f947af752df8c8abe5de15742982a62034911ff67eb6943fa6cc4a3d302c354
- SSDEEP
  
  6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2