amadey | efc0d9b8a1248079246a0c700927c2405ef76b5e6a899c8e97f603d54651db40 | Triage

Sharing

General

Target

9ff7edfe77efb892b78b9afe94d7589a_JaffaCakes118
Size

712KB
Sample

240612-jyyr8avfqh
MD5

9ff7edfe77efb892b78b9afe94d7589a
SHA1

cb61f8e1dfb7a4720c87c85b8bdb33a9deab5b9c
SHA256

efc0d9b8a1248079246a0c700927c2405ef76b5e6a899c8e97f603d54651db40
SHA512

0b978fafc19e2ecebd16323a8a1ef69e25afa8246568e72e83f70538a01391c032a75ea0c2eeafb2152947cfe9b1faab89799505604cfbb7977d89257b5729d7
SSDEEP

12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn

Score

10^/10

amadey trojan

Malware Config

Extracted

Family

amadey

Version

1.99

C2

217.8.117.41/nbDcw2d/index.php

Targets

- Target
  
  9ff7edfe77efb892b78b9afe94d7589a_JaffaCakes118
- Size
  
  712KB
- MD5
  
  9ff7edfe77efb892b78b9afe94d7589a
- SHA1
  
  cb61f8e1dfb7a4720c87c85b8bdb33a9deab5b9c
- SHA256
  
  efc0d9b8a1248079246a0c700927c2405ef76b5e6a899c8e97f603d54651db40
- SHA512
  
  0b978fafc19e2ecebd16323a8a1ef69e25afa8246568e72e83f70538a01391c032a75ea0c2eeafb2152947cfe9b1faab89799505604cfbb7977d89257b5729d7
- SSDEEP
  
  12288:W6qx+GgJOpEheBWpJ0NjYZZRKFdCFqPryQ32E9i/4B:8QlmWpJGYZZ4FsFEpn
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2