amadey | c61b7829b37f19fe78ee49c1aba9e0ea70a65eddfd40b137a7489e63c0f1e184 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe
Size

222KB
Sample

240126-p82jrafehp
MD5

c33142578391a12cdaa3502631ccf6a8
SHA1

d7b44dc27084ad0daf9e3af7bc18432a7e176df7
SHA256

c61b7829b37f19fe78ee49c1aba9e0ea70a65eddfd40b137a7489e63c0f1e184
SHA512

5cb517283da53707696692dd212b49dc79bcc5f579846713090091aee966497273d82fbd6a51d95d8b6769c68f91fe88f9cad48671c2703487d45b885d64dd95
SSDEEP

6144:WzJK+H1xRDriEhJIvD7cMs3LssdLW1uyssJ:WzxfdJIvvvsLTdLW1uys

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

2.85

C2

http://23.106.215.95

Attributes

install_dir
3129558ede
install_file
ntools.exe
strings_key
aa0bd6a5547b1594628920a66d03ad11
url_paths
/G9qpzLe/index.php

rc4.plain

Targets

- Target
  
  ef28dab48f99d5eec872f41b66d015d2a509f3d7f69ddccdb4ec47a25088737f.exe
- Size
  
  222KB
- MD5
  
  c33142578391a12cdaa3502631ccf6a8
- SHA1
  
  d7b44dc27084ad0daf9e3af7bc18432a7e176df7
- SHA256
  
  c61b7829b37f19fe78ee49c1aba9e0ea70a65eddfd40b137a7489e63c0f1e184
- SHA512
  
  5cb517283da53707696692dd212b49dc79bcc5f579846713090091aee966497273d82fbd6a51d95d8b6769c68f91fe88f9cad48671c2703487d45b885d64dd95
- SSDEEP
  
  6144:WzJK+H1xRDriEhJIvD7cMs3LssdLW1uyssJ:WzxfdJIvvvsLTdLW1uys
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2