amadey | 27ad905e0fa63d89cb28e5079d24b1551ecbc7b969ac9499a07e34a187837503 | Triage

Sharing

General

Target

9f9442ad19be16ace51c67635d2435de.exe
Size

446KB
Sample

231207-vjg2psdh62
MD5

9f9442ad19be16ace51c67635d2435de
SHA1

b328a6d18a31534def5f4f9adda9f3da3644f933
SHA256

27ad905e0fa63d89cb28e5079d24b1551ecbc7b969ac9499a07e34a187837503
SHA512

8c9bca45e7d85e8ade121efed260846b1cd05c6917fc70007a61189efae7c8ab34a913127bd21f382a4d0ab5f7de1556bb0acfc769756a501e6e21597a0d357e
SSDEEP

6144:KvEuSnngHwAALG8LRWTyeL1QegNZz9YfoRzMp:AEuonewXRt6KT9jp

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.11

C2

http://shohetrc.com

http://sibcomputer.ru

http://tve-mail.com

Attributes

install_dir
d4dd819322
install_file
Utsysc.exe
strings_key
8419b3024d6f72beef8af6915e592308
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  9f9442ad19be16ace51c67635d2435de.exe
- Size
  
  446KB
- MD5
  
  9f9442ad19be16ace51c67635d2435de
- SHA1
  
  b328a6d18a31534def5f4f9adda9f3da3644f933
- SHA256
  
  27ad905e0fa63d89cb28e5079d24b1551ecbc7b969ac9499a07e34a187837503
- SHA512
  
  8c9bca45e7d85e8ade121efed260846b1cd05c6917fc70007a61189efae7c8ab34a913127bd21f382a4d0ab5f7de1556bb0acfc769756a501e6e21597a0d357e
- SSDEEP
  
  6144:KvEuSnngHwAALG8LRWTyeL1QegNZz9YfoRzMp:AEuonewXRt6KT9jp
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2