amadey | e32964f90eaca100840a26037ed393f1e0f4a3bf8fd5b8b5dc4346bf3b7317a1 | Triage

Sharing

General

Target

e32964f90eaca100840a26037ed393f1e0f4a3bf8fd5b8b5dc4346bf3b7317a1
Size

3.7MB
Sample

240105-rwfgvsege8
MD5

ea5cc97486182854bc4cd1129e67d5c8
SHA1

8a46988516a59604ac17287afd4b0ea9a517ac46
SHA256

e32964f90eaca100840a26037ed393f1e0f4a3bf8fd5b8b5dc4346bf3b7317a1
SHA512

d14dde1b7685d37e32d0c57dd6a8c6927075ff3c2f78a42b432e791ef86509f830f2c2a02d437b885bada2bb6f279c3aa3215e49cb95910cf599d50e647f01e3
SSDEEP

98304:blgNJTzQcVaPxdF/pnDaWUG5TcgCvHSyJ7WBURPxH:ezAP990G5HUSyhrt

Score

10^/10

amadey persistence trojan

Malware Config

Extracted

Family

amadey

Version

4.15

C2

http://185.215.113.68

Attributes

install_dir
d887ceb89d
install_file
explorhe.exe
strings_key
7cadc181267fafff9df8503e730d60e1
url_paths
/theme/index.php

rc4.plain

Targets

- Target
  
  e32964f90eaca100840a26037ed393f1e0f4a3bf8fd5b8b5dc4346bf3b7317a1
- Size
  
  3.7MB
- MD5
  
  ea5cc97486182854bc4cd1129e67d5c8
- SHA1
  
  8a46988516a59604ac17287afd4b0ea9a517ac46
- SHA256
  
  e32964f90eaca100840a26037ed393f1e0f4a3bf8fd5b8b5dc4346bf3b7317a1
- SHA512
  
  d14dde1b7685d37e32d0c57dd6a8c6927075ff3c2f78a42b432e791ef86509f830f2c2a02d437b885bada2bb6f279c3aa3215e49cb95910cf599d50e647f01e3
- SSDEEP
  
  98304:blgNJTzQcVaPxdF/pnDaWUG5TcgCvHSyJ7WBURPxH:ezAP990G5HUSyhrt
Score

10^/10

amadey persistence trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadeypersistencetrojan