amadey | c9691c9eba788ff4641cd85a1ede2f1689401ec99065cb81e99428635ad44988 | Triage

Sharing

General

Target

ac5191f13cd12090eee4819aa75fe5795df43a9e3101753666734ab2ad5da168.zip
Size

294KB
Sample

231119-2bby2scc33
MD5

e8a081fffb1ef856b8878daaf8311e01
SHA1

2b49a390a05b532f8c97489505369e803b7b659b
SHA256

c9691c9eba788ff4641cd85a1ede2f1689401ec99065cb81e99428635ad44988
SHA512

035a482b20c912c141d58917fbc422bfef68a9ae43037b4904b2630a47c808b31a4807be446cd3e1d41de582bb43f90fe1a2ffd431bf67ba17bb6799f39cc2cb
SSDEEP

6144:pqs++Pfn2jmUNGcPssxjX3FMj8f5F4M5aMRjK9AlciBe4WT8a4wDyyaf:VPPOjmUEcDVuSiM5axOlcye4WwjeyyC

Score

10^/10

amadey trojan

Malware Config

Targets

- Target
  
  ac5191f13cd12090eee4819aa75fe5795df43a9e3101753666734ab2ad5da168.exe
- Size
  
  395KB
- MD5
  
  85ced175fc50113e11a118e44f83f57a
- SHA1
  
  0623207b6b2f59278569b1f431f9cbb97a56baf4
- SHA256
  
  ac5191f13cd12090eee4819aa75fe5795df43a9e3101753666734ab2ad5da168
- SHA512
  
  6955fe346a90e91c24eb867525e3786d1fb7b4b609b837863d376fe00f62707cf2242a6c530380a9638d2e8c9b0e90cbbb126a7d2698d01583ed6a5e0030222c
- SSDEEP
  
  6144:DLiidECmWHgYTzjJZR2RPKlnQ1CC9QDE2D/4t1VDsVcXgQY:DWiTBHgYTzjw5KKJg1avsGwQ
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2