amadey | 31c801d902432077038212fbe3f46c136c47d098d2e0695efa27af1fcbcebfcf | Triage

Sharing

General

Target

48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.zip
Size

299KB
Sample

231119-2bbnaacc28
MD5

d0e1dbe878d4d5a030957195f9dbb181
SHA1

e650d1f8c6ed5a6b601bc5356a5c9c3b2c63aefd
SHA256

31c801d902432077038212fbe3f46c136c47d098d2e0695efa27af1fcbcebfcf
SHA512

63a2797cd6944719878452f1047183786e7b1db40cef9a5ce8f0b60cb64518a5bd45863950188c63aa935896d0bfa0b2b461776b4d5b9e1f0704fae1e89685ab
SSDEEP

6144:p2ccVjflPwImni5ZiL4chE6hYmTmWPBM9LxzzC8GGkzLI8vIO0NzOdwh:ymnqiEw1aW5M9lzzCBGaAbzfh

Score

10^/10

amadey trojan

Malware Config

Targets

- Target
  
  48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe
- Size
  
  389KB
- MD5
  
  06db095ad745f4d74172f4fba8f3627b
- SHA1
  
  ca7b62c845365ba6b89293c58b765ae6e583574f
- SHA256
  
  48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e
- SHA512
  
  394d58e36537cb2bdfd6ed5c7c0a46a8d07dd9e9c835b8bdf7ee8a7604558a217ec59eca29372cb788ee0a9708a33f2db9c1f78bebda5b799196f712a346a207
- SSDEEP
  
  6144:QBILQwvGEKYPrXiR8vXkQlJIX6nIFI9he4jy1JKSH:QBI8wuXCXiRclJ5x9hly1x
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2