amadey | 3b8808f7e81360a454a5070e5ba8b54174e873f3da0974a13afbef1af5016470 | Triage

Sharing

General

Target

ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe.zip
Size

292KB
Sample

231119-3vbytscg57
MD5

0e1048c59c6fb36460bc44839d1a37e6
SHA1

de1021f55ae36f5d7f70cc561f119909e3416d55
SHA256

3b8808f7e81360a454a5070e5ba8b54174e873f3da0974a13afbef1af5016470
SHA512

83e5b13531159c00b39abbef77011d7e02d87b067dd150f1a67ec40797efb6fc58814bdd6b56fdd69879d7f054a1e3b371b3e4f2aa9674e55087e3622590a1c6
SSDEEP

6144:ZEdbTalpUqOkj7f/iXKxVNjjf+Wtuf8OEMYsNPT7qoiRckts7wqHTiDJR:KnoLOkjeXKnNHZQNL2oiRd+7T8/

Score

10^/10

amadey trojan

Malware Config

Targets

- Target
  
  ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe.exe
- Size
  
  386KB
- MD5
  
  3e368055148cb6a46d2c37c22e7b6d7c
- SHA1
  
  5ff4a741c50a7ba749db056f6c8576e1c9f07a93
- SHA256
  
  ca3cc0a015ed43a1441a993097ec2e774ad3823d372fe2a78ef2c42ecf7eb7fe
- SHA512
  
  82445e8c8409817dfa3ffa699a42a0f6449c0377d7729238a86f4d3fe86fc60da2d34c80d720b86dab20f072281a0ad52b159335d33fb9e893fbf37000b06429
- SSDEEP
  
  6144:CoLwV/vaoA4iuDorUhN0cTV06WCKRkqGxT68JmFc56:Co0V/ziMLhNZ6kiFGE8JmFS
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2