amadey | dcc559c45ecf4159655411999117728f288c7e50c78a2414d020f75cc2b86364 | Triage

Sharing

General

Target

ftewk.exe
Size

334KB
Sample

231125-rylfwsba49
MD5

21a947b4e4a65510aa9188cc950bc943
SHA1

9ee64e984916c52852c31d89b65a08eb2ec61e17
SHA256

dcc559c45ecf4159655411999117728f288c7e50c78a2414d020f75cc2b86364
SHA512

358105b5371c8988e125040b0cd469854a58b96017bab1d10a5fa826d4ca368705f9994696cf4254f0ab5f7b12f5f2d12ca7aeb75ccf1ed568bbb360efa19684
SSDEEP

6144:yTHdZRgemI+7bRjfY3hzVbYTwmpwkwtxxlHltWQImbvv/:yT9/gfI+7bRjfYRdgw+wkixjFUmr/

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

3.08

C2

http://193.106.191.201

Attributes

install_dir
b3dcf4c296
install_file
ftewk.exe
strings_key
cb8ccbe6da37d4a50d7be5c517c157de
url_paths
/panelis/index.php

rc4.plain

Targets

- Target
  
  ftewk.exe
- Size
  
  334KB
- MD5
  
  21a947b4e4a65510aa9188cc950bc943
- SHA1
  
  9ee64e984916c52852c31d89b65a08eb2ec61e17
- SHA256
  
  dcc559c45ecf4159655411999117728f288c7e50c78a2414d020f75cc2b86364
- SHA512
  
  358105b5371c8988e125040b0cd469854a58b96017bab1d10a5fa826d4ca368705f9994696cf4254f0ab5f7b12f5f2d12ca7aeb75ccf1ed568bbb360efa19684
- SSDEEP
  
  6144:yTHdZRgemI+7bRjfY3hzVbYTwmpwkwtxxlHltWQImbvv/:yT9/gfI+7bRjfYRdgw+wkixjFUmr/
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2