amadey | ab4266beccfd9680846605cae4639ad76fb624622e019cd99efc3821213f6bf1 | Triage

Sharing

General

Target

761fd3f46be0c4b7440fc719a88495ec_JaffaCakes118
Size

712KB
Sample

240526-t7nnqadg36
MD5

761fd3f46be0c4b7440fc719a88495ec
SHA1

b49e740f68fc8882939111dc6a0b1bf27d738b51
SHA256

ab4266beccfd9680846605cae4639ad76fb624622e019cd99efc3821213f6bf1
SHA512

a1845e618b67c89cd6e958a4b2f4f4f46bb2b8b622df13bb7ba1568e349d29e19d62b2e3dc62589bc32db265c9d1caa2c2ca03efc84f463feded1a6cc028f15f
SSDEEP

12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

1.99

C2

217.8.117.41/nbDcw2d/index.php

Targets

- Target
  
  761fd3f46be0c4b7440fc719a88495ec_JaffaCakes118
- Size
  
  712KB
- MD5
  
  761fd3f46be0c4b7440fc719a88495ec
- SHA1
  
  b49e740f68fc8882939111dc6a0b1bf27d738b51
- SHA256
  
  ab4266beccfd9680846605cae4639ad76fb624622e019cd99efc3821213f6bf1
- SHA512
  
  a1845e618b67c89cd6e958a4b2f4f4f46bb2b8b622df13bb7ba1568e349d29e19d62b2e3dc62589bc32db265c9d1caa2c2ca03efc84f463feded1a6cc028f15f
- SSDEEP
  
  12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2