amadey | 496c9e3dca599f72f707270424f07ccd3037e419d7fed441e699db0c14140de1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

496c9e3dca599f72f707270424f07ccd3037e419d7fed441e699db0c14140de1
Size

294KB
Sample

240204-d74f6sgec9
MD5

99ea8a333d23ec742ec8a7263b1eae56
SHA1

6ee2160e4f2959b10e841a5257bf84d639cea728
SHA256

496c9e3dca599f72f707270424f07ccd3037e419d7fed441e699db0c14140de1
SHA512

4325985432a557b19e80a5b3e8ad9043208496adbb5e7f76924d81720f3abcb6190b9c687fd1927403fd61b78a7bc93f07f8f83063d6104c993c2f58a2198b4b
SSDEEP

6144:Y1uHh8eVTJQ4JRs43u9TmxhXDqJjBPfaP:iCVTJQ4PshmWtBnaP

Score

10^/10

amadey smokeloader pub1 backdoor trojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://humydrole.com/tmp/index.php

http://trunk-co.ru/tmp/index.php

http://weareelight.com/tmp/index.php

http://pirateking.online/tmp/index.php

http://piratia.pw/tmp/index.php

http://go-piratia.ru/tmp/index.php

rc4.i32

rc4.i32

Extracted

Family

amadey

Version

4.14

C2

http://anfesq.com

http://cbinr.com

http://rimakc.ru

Attributes

install_dir
68fd3d7ade
install_file
Utsysc.exe
strings_key
27ec7fd6f50f63b8af0c1d3deefcc8fe
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  496c9e3dca599f72f707270424f07ccd3037e419d7fed441e699db0c14140de1
- Size
  
  294KB
- MD5
  
  99ea8a333d23ec742ec8a7263b1eae56
- SHA1
  
  6ee2160e4f2959b10e841a5257bf84d639cea728
- SHA256
  
  496c9e3dca599f72f707270424f07ccd3037e419d7fed441e699db0c14140de1
- SHA512
  
  4325985432a557b19e80a5b3e8ad9043208496adbb5e7f76924d81720f3abcb6190b9c687fd1927403fd61b78a7bc93f07f8f83063d6104c993c2f58a2198b4b
- SSDEEP
  
  6144:Y1uHh8eVTJQ4JRs43u9TmxhXDqJjBPfaP:iCVTJQ4PshmWtBnaP
Score

10^/10

amadey smokeloader pub1 backdoor trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeysmokeloaderpub1backdoortrojan

behavioral2

amadeysmokeloaderpub1backdoortrojan