amadey | 89075466857b6ae98f929587425faa6817caf02d546b6f0ee53b966127d44b29 | Triage

Sharing

General

Target

770e01ce4d963b40fe2ccb68797da7a8_JaffaCakes118
Size

712KB
Sample

240401-ww1j9abd6x
MD5

770e01ce4d963b40fe2ccb68797da7a8
SHA1

3b93283b990b8215967c29f5bc784c4d85d1c2e4
SHA256

89075466857b6ae98f929587425faa6817caf02d546b6f0ee53b966127d44b29
SHA512

affedb9c56960fb7ca1efd63e899d8e2d075ee6d070d1f6074b5708cad841804adaffb1fbb15a6b0981064732c6dd7af392801589266877d4cc7f512ccee0ac9
SSDEEP

12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

1.99

C2

217.8.117.41/nbDcw2d/index.php

Targets

- Target
  
  770e01ce4d963b40fe2ccb68797da7a8_JaffaCakes118
- Size
  
  712KB
- MD5
  
  770e01ce4d963b40fe2ccb68797da7a8
- SHA1
  
  3b93283b990b8215967c29f5bc784c4d85d1c2e4
- SHA256
  
  89075466857b6ae98f929587425faa6817caf02d546b6f0ee53b966127d44b29
- SHA512
  
  affedb9c56960fb7ca1efd63e899d8e2d075ee6d070d1f6074b5708cad841804adaffb1fbb15a6b0981064732c6dd7af392801589266877d4cc7f512ccee0ac9
- SSDEEP
  
  12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2