amadey | 8d46c40c409984308bf9a43673dcfd97a9b460114869194e8163aaf06d74f2d5 | Triage

Sharing

General

Target

8d46c40c409984308bf9a43673dcfd97a9b460114869194e8163aaf06d74f2d5
Size

442KB
Sample

240605-mdncjach3z
MD5

0172a14cc31c07e8297ea92083c94551
SHA1

457abd00a63729c1a5ed3f259e9d2865184a9f3d
SHA256

8d46c40c409984308bf9a43673dcfd97a9b460114869194e8163aaf06d74f2d5
SHA512

1a9c6f225e44015485fda7531233bcf09e5303965aed791475de1b783f00574d6d2cd2424e7eb3df3a57884420564ab8f733541e7ed01dacc591a370e4de326f
SSDEEP

12288:MUwAyBoj109MuP7/EQv2xZvOaOujZpHGY:b6SuMuLIxzX1UY

Score

10^/10

amadey 9a3efc trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes

install_dir
b9695770f1
install_file
Dctooux.exe
strings_key
1d3a0f2941c4060dba7f23a378474944
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  8d46c40c409984308bf9a43673dcfd97a9b460114869194e8163aaf06d74f2d5
- Size
  
  442KB
- MD5
  
  0172a14cc31c07e8297ea92083c94551
- SHA1
  
  457abd00a63729c1a5ed3f259e9d2865184a9f3d
- SHA256
  
  8d46c40c409984308bf9a43673dcfd97a9b460114869194e8163aaf06d74f2d5
- SHA512
  
  1a9c6f225e44015485fda7531233bcf09e5303965aed791475de1b783f00574d6d2cd2424e7eb3df3a57884420564ab8f733541e7ed01dacc591a370e4de326f
- SSDEEP
  
  12288:MUwAyBoj109MuP7/EQv2xZvOaOujZpHGY:b6SuMuLIxzX1UY
Score

10^/10

amadey 9a3efc trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey9a3efctrojan

behavioral2

amadey9a3efctrojan