amadey | 5dba3ff4eeaed1b88b74a4a0b9f2b733202b52e8c35c0182b6a01e5a14ce8979 | Triage

Sharing

General

Target

bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68.zip
Size

598KB
Sample

231125-lghe1shg39
MD5

4de2b8dc63301079162145e8305a2e0e
SHA1

c6e56ae51b9d1ca0892a6889e710627607e4aae0
SHA256

5dba3ff4eeaed1b88b74a4a0b9f2b733202b52e8c35c0182b6a01e5a14ce8979
SHA512

8445295691e3ef8c04f67643dbb06384c1e0916d43074dd3b272fc7d0efcb964d742137014c9de24e13854c1abcbb50b312408c0a3f2dcfa4b8c8ba1621476c9
SSDEEP

12288:BRpaJ8Jy0gmbcGS/DyIVYt+hWaoii6Kw10VrrJNAoGBWcZ0+q8:1+8Jy0gmbDS/WwYgDi6K/pNJxo1

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.12

C2

http://brodoyouevenlift.co.za

Attributes

install_dir
ce3eb8f6b2
install_file
Utsysc.exe
strings_key
c5b804d7b4c8a99f5afb89e5203cf3ba
url_paths
/g9sdjScV2/index.php

/vdhe8ejs3/index.php

rc4.plain

Targets

- Target
  
  bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68.exe
- Size
  
  778KB
- MD5
  
  d182c5cc932fdf30690e58b1c7e297de
- SHA1
  
  249540ccad900d3cc6c5b2ccc9447d5ca895879d
- SHA256
  
  bb150377b93d4df2a877a68e700490644290a0ea59001c189e55bbf62bad1e68
- SHA512
  
  7038d3a737edd97fa9278c5c76df5e5cccfd0b6bc10cf76d422e0ec3b244519863d959b350dc3b8712203df6bf6f9f134db68b60545421bd6c65b83ec0aef380
- SSDEEP
  
  12288:6bgEa19Hi8mgRp0rAj67YdHZhvWvMS8jTRaFxnn4wGTl:zPmy0rm1XvWvt8jTw/0T
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2