amadey | 11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945 | Triage

Sharing

General

Target

11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945
Size

2.6MB
Sample

231205-kmklwsad93
MD5

5f2476a80b7ad8a8083b0ec5d5f904ed
SHA1

198005ee8ff0cacc32aa0613f4f6c7e12ca47d44
SHA256

11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945
SHA512

ec0963116b4e1b3222834253af4c21b61465887baeba4830fd96006943a452b3c6671bad338b6663ebf3bc184caf0ca50dd0402e8faa1ec5617c9f6c707935c3
SSDEEP

49152:yHYMlMk7lxGhm1nUfEWW+WKBry81Gk4yvyD0mfCFIYQR:y4MlMCG4FUcWW+dy8UKCdR

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.125

Attributes

install_dir
4fdb51ccdc
install_file
Utsysc.exe
strings_key
a70b05054314f381be1ab9a5cdc8b250
url_paths
/u6vhSc3PPq/index.php

rc4.plain

Targets

- Target
  
  11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945
- Size
  
  2.6MB
- MD5
  
  5f2476a80b7ad8a8083b0ec5d5f904ed
- SHA1
  
  198005ee8ff0cacc32aa0613f4f6c7e12ca47d44
- SHA256
  
  11d9612a66d3b41cbfc4e95831f77f5d3008c390a5d0bb7a7847ff855e5e9945
- SHA512
  
  ec0963116b4e1b3222834253af4c21b61465887baeba4830fd96006943a452b3c6671bad338b6663ebf3bc184caf0ca50dd0402e8faa1ec5617c9f6c707935c3
- SSDEEP
  
  49152:yHYMlMk7lxGhm1nUfEWW+WKBry81Gk4yvyD0mfCFIYQR:y4MlMCG4FUcWW+dy8UKCdR
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1