amadey | bef37c1e8c99f3afdede1c218f103ea4c6adeced20b332776d7fd6a8a18305ca | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5A14BA286D692A6D65DBCF7340EA1C8C.exe
Size

427KB
Sample

240419-jsfpfsdc31
MD5

5a14ba286d692a6d65dbcf7340ea1c8c
SHA1

18f9696dc24d77c26a2dfcc8f5ac72400aaafcd5
SHA256

bef37c1e8c99f3afdede1c218f103ea4c6adeced20b332776d7fd6a8a18305ca
SHA512

8d7c49d14c6ea1a9a6a4a4e296803b80c055618a4e934059b9fb430c3b723317509ef70604494a4f33f763790c1773f2c32071b2be57f9c590fe7a3ad91ff646
SSDEEP

12288:VHV3dMrZOzwaQl71dTylBGqupeU8N8UAK27:V1NMrZ+wp1yW5vK8

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

4.19

C2

http://91.202.233.180

Attributes

install_dir
ccbfb9d50e
install_file
Dctooux.exe
strings_key
850aa0a7ef5b1538a80ca3c98fcfd026
url_paths
/g88sks2SaM/index.php

rc4.plain

Targets

- Target
  
  5A14BA286D692A6D65DBCF7340EA1C8C.exe
- Size
  
  427KB
- MD5
  
  5a14ba286d692a6d65dbcf7340ea1c8c
- SHA1
  
  18f9696dc24d77c26a2dfcc8f5ac72400aaafcd5
- SHA256
  
  bef37c1e8c99f3afdede1c218f103ea4c6adeced20b332776d7fd6a8a18305ca
- SHA512
  
  8d7c49d14c6ea1a9a6a4a4e296803b80c055618a4e934059b9fb430c3b723317509ef70604494a4f33f763790c1773f2c32071b2be57f9c590fe7a3ad91ff646
- SSDEEP
  
  12288:VHV3dMrZOzwaQl71dTylBGqupeU8N8UAK27:V1NMrZ+wp1yW5vK8
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2