amadey | a751e988a0233df56830c7292b0e5d882a7473a2e4bc63bef3947101d6b80d5c | Triage

Sharing

General

Target

a751e988a0233df56830c7292b0e5d882a7473a2e4bc63bef3947101d6b80d5c
Size

422KB
Sample

240619-lk6a9aselp
MD5

2799d3fad26f3ff81072e403815f2f04
SHA1

dfcc5ecac30627f45b1ecf1333ef2174dc6f22d3
SHA256

a751e988a0233df56830c7292b0e5d882a7473a2e4bc63bef3947101d6b80d5c
SHA512

7c6a51780820cd05f38b8f65574b616cd4400bce8b1b8906ec73a6d73639695973681cc265582e63db12b13c6b4fec499264d6bcc519a4809f60dc4fde1d0531
SSDEEP

12288:UHp2U/mMWehhci2q4AjnYxIjNW21bXBKrv/H:Lt3enESKI1zBUv/

Score

10^/10

amadey b2c2c1 trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

b2c2c1

C2

http://greendag.ru

Attributes

install_dir
e221f72865
install_file
Dctooux.exe
strings_key
09a7af7983af08af50ea3f51a73065e9
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  a751e988a0233df56830c7292b0e5d882a7473a2e4bc63bef3947101d6b80d5c
- Size
  
  422KB
- MD5
  
  2799d3fad26f3ff81072e403815f2f04
- SHA1
  
  dfcc5ecac30627f45b1ecf1333ef2174dc6f22d3
- SHA256
  
  a751e988a0233df56830c7292b0e5d882a7473a2e4bc63bef3947101d6b80d5c
- SHA512
  
  7c6a51780820cd05f38b8f65574b616cd4400bce8b1b8906ec73a6d73639695973681cc265582e63db12b13c6b4fec499264d6bcc519a4809f60dc4fde1d0531
- SSDEEP
  
  12288:UHp2U/mMWehhci2q4AjnYxIjNW21bXBKrv/H:Lt3enESKI1zBUv/
Score

10^/10

amadey b2c2c1 trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadeyb2c2c1trojan

behavioral2

amadeyb2c2c1trojan