amadey | 2514ec71e8ecb604c6b979d954ddb1d63402a513912000eaa3d8d6dfa98f7441 | Triage

Sharing

General

Target

f4a5122b23d930794978c4615b0ce6d9.exe
Size

5.8MB
Sample

231206-vawhqsfc3z
MD5

f4a5122b23d930794978c4615b0ce6d9
SHA1

8e34c6a3da1d048b932c20b15fd6ba119677d57c
SHA256

2514ec71e8ecb604c6b979d954ddb1d63402a513912000eaa3d8d6dfa98f7441
SHA512

bc98cc58195392f944b82bdb8e246315c0b3670ec3f3ff8f44385fe14b8fdab942dc94ac87313a4c824bdb189b3b7eccb6b09e4781ebe49fb9a99f1e199a1bca
SSDEEP

98304:+houLKz8ObAUvRXrrmARbgc4RS6HrHbAdMd93J7OgVNLIKORMed6KSu:+h9LKz8CXhvrRL4RS67bAd63J7vREX0

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.13

C2

http://185.172.128.125

Attributes

install_dir
4fdb51ccdc
install_file
Utsysc.exe
strings_key
a70b05054314f381be1ab9a5cdc8b250
url_paths
/u6vhSc3PPq/index.php

rc4.plain

Targets

- Target
  
  f4a5122b23d930794978c4615b0ce6d9.exe
- Size
  
  5.8MB
- MD5
  
  f4a5122b23d930794978c4615b0ce6d9
- SHA1
  
  8e34c6a3da1d048b932c20b15fd6ba119677d57c
- SHA256
  
  2514ec71e8ecb604c6b979d954ddb1d63402a513912000eaa3d8d6dfa98f7441
- SHA512
  
  bc98cc58195392f944b82bdb8e246315c0b3670ec3f3ff8f44385fe14b8fdab942dc94ac87313a4c824bdb189b3b7eccb6b09e4781ebe49fb9a99f1e199a1bca
- SSDEEP
  
  98304:+houLKz8ObAUvRXrrmARbgc4RS6HrHbAdMd93J7OgVNLIKORMed6KSu:+h9LKz8CXhvrRL4RS67bAd63J7vREX0
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2