amadey | 9a992de6256ebd4206d07cc5916011ef631d9798161de0a05ff1c114bbf241d7 | Triage

Sharing

General

Target

9a992de6.exe
Size

3.0MB
Sample

240129-dbg83ahgak
MD5

3eedb7ab4ab81081e6fe25b117d4698c
SHA1

20540442599ee9f254f3b7adfe116c2890cd227d
SHA256

9a992de6256ebd4206d07cc5916011ef631d9798161de0a05ff1c114bbf241d7
SHA512

5e1426b420c647bed333235763517d91aa6f8b19e52b4d100bb2ad8f1024592e1e82b4c15ed2b4275258fca99b2a71b740c2551200973dbb31bbf7343fd2b58d
SSDEEP

49152:ehsWom5L52gTmt+XMnJO39/34+DCTeenrfQpGHu4HSZWYExaO3s45O7ZdyAbm5NQ:eyPi2gTmtyMJO9/o2CFnTQ2jyZWYExaq

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://5.42.66.29

Attributes

install_dir
f60f0ba310
install_file
Dctooux.exe
strings_key
f34f781563773d1d56ad6459936524d1
url_paths
/b9djjcaSed/index.php

rc4.plain

Targets

- Target
  
  9a992de6.exe
- Size
  
  3.0MB
- MD5
  
  3eedb7ab4ab81081e6fe25b117d4698c
- SHA1
  
  20540442599ee9f254f3b7adfe116c2890cd227d
- SHA256
  
  9a992de6256ebd4206d07cc5916011ef631d9798161de0a05ff1c114bbf241d7
- SHA512
  
  5e1426b420c647bed333235763517d91aa6f8b19e52b4d100bb2ad8f1024592e1e82b4c15ed2b4275258fca99b2a71b740c2551200973dbb31bbf7343fd2b58d
- SSDEEP
  
  49152:ehsWom5L52gTmt+XMnJO39/34+DCTeenrfQpGHu4HSZWYExaO3s45O7ZdyAbm5NQ:eyPi2gTmtyMJO9/o2CFnTQ2jyZWYExaq
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1