amadey | 0aca64d7066e48d14f232f01d55d128b875b2de0a29f1e7fee7e980e5a5a9a53 | Triage

Sharing

General

Target

e0dfb50d544ec355cd56374677e97e1e
Size

4.1MB
Sample

240327-f3mc7sde87
MD5

e0dfb50d544ec355cd56374677e97e1e
SHA1

c4cb9fa8cdfab22b77c9c84cbb353c37edfd58d6
SHA256

0aca64d7066e48d14f232f01d55d128b875b2de0a29f1e7fee7e980e5a5a9a53
SHA512

016308415cb45a702756a27bd37dab1fda9d57924896ac37e12ac77dd0c09e240ee5de90c5dd092174d34fbcf1289fe5617b0b0297b0f09fd5a8bbe94553a225
SSDEEP

98304:JbnQlG+e2f0tl5t/+VO9ql3+Mmw2m7c57giraEkq1AIcO:JbQl3mtR/tc+MYQdIb

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

2.31

Attributes

install_dir
8a643770bf
install_file
drbux.exe
strings_key
a4b4e846f6cf1a081d182d6cd3bf1ee7
url_paths
/hfV3vDtt/index.php

rc4.plain

Targets

- Target
  
  e0dfb50d544ec355cd56374677e97e1e
- Size
  
  4.1MB
- MD5
  
  e0dfb50d544ec355cd56374677e97e1e
- SHA1
  
  c4cb9fa8cdfab22b77c9c84cbb353c37edfd58d6
- SHA256
  
  0aca64d7066e48d14f232f01d55d128b875b2de0a29f1e7fee7e980e5a5a9a53
- SHA512
  
  016308415cb45a702756a27bd37dab1fda9d57924896ac37e12ac77dd0c09e240ee5de90c5dd092174d34fbcf1289fe5617b0b0297b0f09fd5a8bbe94553a225
- SSDEEP
  
  98304:JbnQlG+e2f0tl5t/+VO9ql3+Mmw2m7c57giraEkq1AIcO:JbQl3mtR/tc+MYQdIb
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2