amadey | fef18503bd1483f6021e4cbe418a42045493769a15d69c0b59d99cf5be382997 | Triage

Sharing

General

Target

73c5cf6f7f25e7473322477646238a24_JaffaCakes118
Size

712KB
Sample

240526-axsedagh72
MD5

73c5cf6f7f25e7473322477646238a24
SHA1

0a51291e7395d2e5ecba73aedb762de155150c5f
SHA256

fef18503bd1483f6021e4cbe418a42045493769a15d69c0b59d99cf5be382997
SHA512

21712c3799f9dd065739727707907e895dd6e27a86bdef79e861cebb4ec90949a3d2d3dbf22e16b7d9c6e010713a45a631b33635b3ba5c184936722f8df52a06
SSDEEP

12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

1.99

C2

217.8.117.41/nbDcw2d/index.php

Targets

- Target
  
  73c5cf6f7f25e7473322477646238a24_JaffaCakes118
- Size
  
  712KB
- MD5
  
  73c5cf6f7f25e7473322477646238a24
- SHA1
  
  0a51291e7395d2e5ecba73aedb762de155150c5f
- SHA256
  
  fef18503bd1483f6021e4cbe418a42045493769a15d69c0b59d99cf5be382997
- SHA512
  
  21712c3799f9dd065739727707907e895dd6e27a86bdef79e861cebb4ec90949a3d2d3dbf22e16b7d9c6e010713a45a631b33635b3ba5c184936722f8df52a06
- SSDEEP
  
  12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2