amadey | 5be58f757b70ad861fd919be7e8e7816e64f1d151d963085094aa5d0bb15b4bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2868-2-0x0000000000960000-0x0000000000E25000-memory.dmp
Size

4.8MB
Sample

240319-dctngsgd3w
MD5

635854fe6d2559d03b2f44dc03d558d4
SHA1

65a4122fdbef285f01c83331f44eb013a0b9e2b6
SHA256

5be58f757b70ad861fd919be7e8e7816e64f1d151d963085094aa5d0bb15b4bb
SHA512

f42be607ad42c061682331568964507597af7e7b6cd4ed8ae012c6ebc12eefae8c8f7a24b8f57c3c146cbb8013df023d572b2c0a0dfccbc47acb81f235bc2201
SSDEEP

98304:zSeMo/RkK4irLQRfv8pETNNJzEaXylHm+tW9ha:z3ykERrwaXylHBtOha

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Targets

- Target
  
  2868-2-0x0000000000960000-0x0000000000E25000-memory.dmp
- Size
  
  4.8MB
- MD5
  
  635854fe6d2559d03b2f44dc03d558d4
- SHA1
  
  65a4122fdbef285f01c83331f44eb013a0b9e2b6
- SHA256
  
  5be58f757b70ad861fd919be7e8e7816e64f1d151d963085094aa5d0bb15b4bb
- SHA512
  
  f42be607ad42c061682331568964507597af7e7b6cd4ed8ae012c6ebc12eefae8c8f7a24b8f57c3c146cbb8013df023d572b2c0a0dfccbc47acb81f235bc2201
- SSDEEP
  
  98304:zSeMo/RkK4irLQRfv8pETNNJzEaXylHm+tW9ha:z3ykERrwaXylHBtOha
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2