amadey | 3cbe6af421c5b4bfd68569e23f4d22937b0f1753fb37720575e0cc3cfba4a5d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5cG88NU.exe
Size

221KB
Sample

231030-fn96qacg63
MD5

bff1a83c885a5f26107b48e4c380f268
SHA1

dc6180fa352dbcef78af63c8d1fd3f2dfa237ed5
SHA256

3cbe6af421c5b4bfd68569e23f4d22937b0f1753fb37720575e0cc3cfba4a5d5
SHA512

945c5f86c04bba2bcb4ebe3846124e5bb1b83edec7d8d5cf849e86ee24f7fcedc46d011ba70802852c74b611be5b944432c3f0538d33b65313f98051850954a6
SSDEEP

6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1/theme/index.php

Attributes

install_dir
fefffe8cea
install_file
explothe.exe
strings_key
36a96139c1118a354edf72b1080d4b2f

rc4.plain

Targets

- Target
  
  5cG88NU.exe
- Size
  
  221KB
- MD5
  
  bff1a83c885a5f26107b48e4c380f268
- SHA1
  
  dc6180fa352dbcef78af63c8d1fd3f2dfa237ed5
- SHA256
  
  3cbe6af421c5b4bfd68569e23f4d22937b0f1753fb37720575e0cc3cfba4a5d5
- SHA512
  
  945c5f86c04bba2bcb4ebe3846124e5bb1b83edec7d8d5cf849e86ee24f7fcedc46d011ba70802852c74b611be5b944432c3f0538d33b65313f98051850954a6
- SSDEEP
  
  6144:DEPAc72ss5pKL93yMax7pH3F2d1ugMeSWp:DE32xpoaxBFg1ugMeS
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2