amadey | 5fa605bf9666dc9486a83737d1f77e241bb27a033e609625499f17dbf608e840 | Triage

Sharing

General

Target

am.exe
Size

8.1MB
Sample

240403-he7qcaab9t
MD5

31fd3d2bdee0fd45c35273bebe4907fa
SHA1

e464d8d3e5a16c0484ecb40e0599a3b4ad1e3f21
SHA256

5fa605bf9666dc9486a83737d1f77e241bb27a033e609625499f17dbf608e840
SHA512

5a5558811d5a167db43a0a96679f253c3692921e59bc61708a66f6f55458441bb3c3bdc24896eefabd5f2edfb6c87b87be520bd8abd29b0428d831d24ae947b9
SSDEEP

196608:Z0SPWFEHfuhw52hhflik2kYrq/d/wNHP7as4v:Zgqfuhw0hmZry4NesG

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.19

C2

http://bestofthebesttraining.com

Attributes

install_dir
763b1308d2
install_file
Dctooux.exe
strings_key
039c1d21f5b79a4ad9168019f3454a0c
url_paths
/8BvxwQdec3/index.php

rc4.plain

Targets

- Target
  
  am.exe
- Size
  
  8.1MB
- MD5
  
  31fd3d2bdee0fd45c35273bebe4907fa
- SHA1
  
  e464d8d3e5a16c0484ecb40e0599a3b4ad1e3f21
- SHA256
  
  5fa605bf9666dc9486a83737d1f77e241bb27a033e609625499f17dbf608e840
- SHA512
  
  5a5558811d5a167db43a0a96679f253c3692921e59bc61708a66f6f55458441bb3c3bdc24896eefabd5f2edfb6c87b87be520bd8abd29b0428d831d24ae947b9
- SSDEEP
  
  196608:Z0SPWFEHfuhw52hhflik2kYrq/d/wNHP7as4v:Zgqfuhw0hmZry4NesG
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2