amadey | 4f06f4f9d9d8ee3e912a67e1fb3fc27a335512ba102a2d8d006fbc5789df2451 | Triage

Sharing

General

Target

1380-2-0x00000000007A0000-0x0000000000C5A000-memory.dmp
Size

4.7MB
Sample

240327-hzs3pafb68
MD5

0e463826f6249c6f0c62464374f1e2ec
SHA1

6bae164b91b4fdb5b131f24f2960c7cd958d00b6
SHA256

4f06f4f9d9d8ee3e912a67e1fb3fc27a335512ba102a2d8d006fbc5789df2451
SHA512

f6b950682cf6ef2ea1310ad83fdc3d686d2b2e7ac59430b81705324154d5e492e2563d6c275c793eaea963a81c2a1b071300c43f93233228ff03ba2b3e65a704
SSDEEP

49152:PdsDQFAHJCZwK9ShfPNqhMbdKStjmVwI6s3+MMRGSDqJYFjVV0pHQIuVmnufM:uD2AHYiK8h3NqhEtEzkQ0fKijmn

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Targets

- Target
  
  1380-2-0x00000000007A0000-0x0000000000C5A000-memory.dmp
- Size
  
  4.7MB
- MD5
  
  0e463826f6249c6f0c62464374f1e2ec
- SHA1
  
  6bae164b91b4fdb5b131f24f2960c7cd958d00b6
- SHA256
  
  4f06f4f9d9d8ee3e912a67e1fb3fc27a335512ba102a2d8d006fbc5789df2451
- SHA512
  
  f6b950682cf6ef2ea1310ad83fdc3d686d2b2e7ac59430b81705324154d5e492e2563d6c275c793eaea963a81c2a1b071300c43f93233228ff03ba2b3e65a704
- SSDEEP
  
  49152:PdsDQFAHJCZwK9ShfPNqhMbdKStjmVwI6s3+MMRGSDqJYFjVV0pHQIuVmnufM:uD2AHYiK8h3NqhEtEzkQ0fKijmn
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2