amadey | 751ad0b26586c0dbb06379c8bbb1b7a47e77adc19c3f068d6305f47faec551b2 | Triage

Sharing

General

Target

7077ab5685f753d94192aca8e3158fb5.exe
Size

6.2MB
Sample

240327-qdsh2acg52
MD5

7077ab5685f753d94192aca8e3158fb5
SHA1

a73f1b79f6a1fccc0cb4f10b875a0b5a0182dc90
SHA256

751ad0b26586c0dbb06379c8bbb1b7a47e77adc19c3f068d6305f47faec551b2
SHA512

64001b470b17434a051b64477955175f5c35db89761477dd5473f8229e6b141a252ab0ed0cef6655135be4fa70f13313475a427195e3013a7a2c061cd260ef26
SSDEEP

98304:Xrxkmr7CWoqbb4ngAFGw7WClREnjwaeSkMc88QS+qE0AaG8MlftjxeUZH:XKyzoLgkW4RmKMcJWqE0AaGxftjx/Z

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.19

C2

http://creationofprogress.com

Attributes

install_dir
603179bf2d
install_file
Dctooux.exe
strings_key
e6d1abb3e9573b823ce443b691fcda47
url_paths
/8BvxwQdec3/index.php

rc4.plain

Targets

- Target
  
  7077ab5685f753d94192aca8e3158fb5.exe
- Size
  
  6.2MB
- MD5
  
  7077ab5685f753d94192aca8e3158fb5
- SHA1
  
  a73f1b79f6a1fccc0cb4f10b875a0b5a0182dc90
- SHA256
  
  751ad0b26586c0dbb06379c8bbb1b7a47e77adc19c3f068d6305f47faec551b2
- SHA512
  
  64001b470b17434a051b64477955175f5c35db89761477dd5473f8229e6b141a252ab0ed0cef6655135be4fa70f13313475a427195e3013a7a2c061cd260ef26
- SSDEEP
  
  98304:Xrxkmr7CWoqbb4ngAFGw7WClREnjwaeSkMc88QS+qE0AaG8MlftjxeUZH:XKyzoLgkW4RmKMcJWqE0AaGxftjx/Z
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2