amadey | 095727c50038165bb9592831705c1fdeea50df5d2beb1378c120b981da11275f | Triage

Sharing

General

Target

7641c8716c89830b2b05ef92da76bbb5df735ab1190d3e1c9a885659e36dd870.zip
Size

294KB
Sample

231119-2bbnaacc29
MD5

9c0947ebb990cbb4d61f8b2d61e179e4
SHA1

8ee6350c483f3914e3aa871a38d692828c7924b2
SHA256

095727c50038165bb9592831705c1fdeea50df5d2beb1378c120b981da11275f
SHA512

c421ce95dd7871f6558072973c92d08c1f951a1007cab77c66a805312587e5a57299316180af41b64667448ca5bde2e5e30ede6e99129abacb7c5f4ad65c52fa
SSDEEP

6144:+c+BFkzICa3jnMzaArh8hKI8KK9sbX+ha/8dOCAgpdiDsG2+BBi3HPm:kEQ3rR0a/eybOcy1as98Ku

Score

10^/10

amadey trojan

Malware Config

Targets

- Target
  
  7641c8716c89830b2b05ef92da76bbb5df735ab1190d3e1c9a885659e36dd870.exe
- Size
  
  395KB
- MD5
  
  07ed9e086474d0f8d70dfb2ca9c27904
- SHA1
  
  400e90f6b7396e1d9a72d379ae97f64c01c5c908
- SHA256
  
  7641c8716c89830b2b05ef92da76bbb5df735ab1190d3e1c9a885659e36dd870
- SHA512
  
  3bd8e9c119dc8a9996460c08a9afd2ccd643cc609e473f7e3c6fa51f5758429fdf4331c5dc2e953690ea0649d20020bd7a4de77a17f8f6f47e1624589ddf39de
- SSDEEP
  
  6144:zbL92a91LVTPQBA/JlyP0oa9Gd+5ggDznzpvjxf8Py:npLLVToBA/be0/2e9DJvjS
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2