amadey | c141a03904631014a2c121410840094dbcf1742e7cdcb568b508f0df8eaa1a30 | Triage

Sharing

General

Target

48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.zip
Size

299KB
Sample

231119-3va2jacg49
MD5

a141da4d90390af57e1fa505f5a05a56
SHA1

6960eca70382d96a5a516be2b3f97043ddd71b09
SHA256

c141a03904631014a2c121410840094dbcf1742e7cdcb568b508f0df8eaa1a30
SHA512

840ff0546b9cb10b705ae3ca9d0d4ac8c9252d09f72770b869969fdf9e5e9f9f3b8bd1a1d260b7bac4a8269ddf5935fa65d09a90680be87e15c8d702eb55a704
SSDEEP

6144:5zZuFhzWtLBe08rlgLqjVMHs+Q8EuJXXA+VNPpMdlQ8Xq:TuFhzWZBIlgLTM+guJA+FUm

Score

10^/10

amadey trojan

Malware Config

Targets

- Target
  
  48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e.exe
- Size
  
  389KB
- MD5
  
  06db095ad745f4d74172f4fba8f3627b
- SHA1
  
  ca7b62c845365ba6b89293c58b765ae6e583574f
- SHA256
  
  48bcf2b8e6a7bd4a807cde942b014848dfc1a0e65fde4959f6c187ea547e659e
- SHA512
  
  394d58e36537cb2bdfd6ed5c7c0a46a8d07dd9e9c835b8bdf7ee8a7604558a217ec59eca29372cb788ee0a9708a33f2db9c1f78bebda5b799196f712a346a207
- SSDEEP
  
  6144:QBILQwvGEKYPrXiR8vXkQlJIX6nIFI9he4jy1JKSH:QBI8wuXCXiRclJ5x9hly1x
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2