amadey | 52286333dc380793b2fa162afcbdb93a25372296e6940df42a2b6c99389dc09b

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2023 15:21

Target

7e46d4436b93d1420eeaf0093aea2134.exe
Size

435KB
MD5

7e46d4436b93d1420eeaf0093aea2134
SHA1

f1824d9fa5df628082e108989de4a2f19f9658fd
SHA256

52286333dc380793b2fa162afcbdb93a25372296e6940df42a2b6c99389dc09b
SHA512

c3e67d13d0d398ce55ec8bc5a9775df4608b73d22a9f2305d7bed75f1641fe653310c4b5fc1fbeeb84458f2e82a561361a0d332aff945d42df2ea318ea8136df
SSDEEP

6144:VkucYCuJJRlcmGXTOHgcTzZ8/q29aWVKVM38AnhLKAHqG:V5cYCaJ3cjXcnTzubsG

Score

10^/10

amadey trojan

Family

amadey

Version

4.11

http://shohetrc.com

http://sibcomputer.ru

http://tve-mail.com

Attributes

rc4.plain

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1272	4352	WerFault.exe	7e46d4436b93d1420eeaf0093aea2134.exe
2792	4352	WerFault.exe	7e46d4436b93d1420eeaf0093aea2134.exe
4436	4352	WerFault.exe	7e46d4436b93d1420eeaf0093aea2134.exe
3928	4352	WerFault.exe	7e46d4436b93d1420eeaf0093aea2134.exe
3880	4352	WerFault.exe	7e46d4436b93d1420eeaf0093aea2134.exe
1908	4352	WerFault.exe	7e46d4436b93d1420eeaf0093aea2134.exe

C:\Users\Admin\AppData\Local\Temp\7e46d4436b93d1420eeaf0093aea2134.exe
"C:\Users\Admin\AppData\Local\Temp\7e46d4436b93d1420eeaf0093aea2134.exe"
1⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 596
2⤵
- Program crash
PID:1272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 680
2⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 748
2⤵
- Program crash
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 844
2⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 884
2⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 900
2⤵
- Program crash
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4352 -ip 4352
1⤵
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4352 -ip 4352
1⤵
PID:968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4352 -ip 4352
1⤵
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4352 -ip 4352
1⤵
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4352 -ip 4352
1⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4352 -ip 4352
1⤵
PID:5016

memory/4352-1-0x0000000002DA0000-0x0000000002EA0000-memory.dmp

Filesize
1024KB

Download
memory/4352-2-0x0000000002BE0000-0x0000000002C4C000-memory.dmp

Filesize
432KB

Download
memory/4352-3-0x0000000000400000-0x0000000002AE4000-memory.dmp

Filesize
38.9MB

Download