amadey | 751ad0b26586c0dbb06379c8bbb1b7a47e77adc19c3f068d6305f47faec551b2 | Triage

Sharing

General

Target

7077ab5685f753d94192aca8e3158fb5.exe
Size

6.2MB
Sample

240327-qdsh2acg52
MD5

7077ab5685f753d94192aca8e3158fb5
SHA1

a73f1b79f6a1fccc0cb4f10b875a0b5a0182dc90
SHA256

751ad0b26586c0dbb06379c8bbb1b7a47e77adc19c3f068d6305f47faec551b2
SHA512

64001b470b17434a051b64477955175f5c35db89761477dd5473f8229e6b141a252ab0ed0cef6655135be4fa70f13313475a427195e3013a7a2c061cd260ef26
SSDEEP

98304:Xrxkmr7CWoqbb4ngAFGw7WClREnjwaeSkMc88QS+qE0AaG8MlftjxeUZH:XKyzoLgkW4RmKMcJWqE0AaGxftjx/Z

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.19

C2

http://creationofprogress.com

Attributes

install_dir
603179bf2d
install_file
Dctooux.exe
strings_key
e6d1abb3e9573b823ce443b691fcda47
url_paths
/8BvxwQdec3/index.php

rc4.plain

Targets

- Target
  
  7077ab5685f753d94192aca8e3158fb5.exe
- Size
  
  6.2MB
- MD5
  
  7077ab5685f753d94192aca8e3158fb5
- SHA1
  
  a73f1b79f6a1fccc0cb4f10b875a0b5a0182dc90
- SHA256
  
  751ad0b26586c0dbb06379c8bbb1b7a47e77adc19c3f068d6305f47faec551b2
- SHA512
  
  64001b470b17434a051b64477955175f5c35db89761477dd5473f8229e6b141a252ab0ed0cef6655135be4fa70f13313475a427195e3013a7a2c061cd260ef26
- SSDEEP
  
  98304:Xrxkmr7CWoqbb4ngAFGw7WClREnjwaeSkMc88QS+qE0AaG8MlftjxeUZH:XKyzoLgkW4RmKMcJWqE0AaGxftjx/Z
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2