amadey | 6eade5fbbdc3da227e7dfcece72382c4b62be2d7836f0301b3deead7751225d1 | Triage

Sharing

General

Target

6eade5fbbdc3da227e7dfcece72382c4b62be2d7836f0301b3deead7751225d1
Size

484KB
Sample

240620-m6gepatflc
MD5

2057f392e64792437e1ef363fa8281c9
SHA1

f2d6da9f7bc3292b095dbb08556a475731d4def6
SHA256

6eade5fbbdc3da227e7dfcece72382c4b62be2d7836f0301b3deead7751225d1
SHA512

a6eb40483170a119e373bc0b380b18cb270224276a47f28691cccf412beb633a5c45a862a5558d51d266733cc4f15da40f54e2df4f0cb5a327eecfffdb0cdd75
SSDEEP

6144:XQRLk3MmLibwe+MATqp8SFCkVmwTODcymSMhUA9h:Yo3Mmux4ThSV4cyhIUu

Score

10^/10

amadey 9a3efc trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes

install_dir
b9695770f1
install_file
Dctooux.exe
strings_key
1d3a0f2941c4060dba7f23a378474944
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  6eade5fbbdc3da227e7dfcece72382c4b62be2d7836f0301b3deead7751225d1
- Size
  
  484KB
- MD5
  
  2057f392e64792437e1ef363fa8281c9
- SHA1
  
  f2d6da9f7bc3292b095dbb08556a475731d4def6
- SHA256
  
  6eade5fbbdc3da227e7dfcece72382c4b62be2d7836f0301b3deead7751225d1
- SHA512
  
  a6eb40483170a119e373bc0b380b18cb270224276a47f28691cccf412beb633a5c45a862a5558d51d266733cc4f15da40f54e2df4f0cb5a327eecfffdb0cdd75
- SSDEEP
  
  6144:XQRLk3MmLibwe+MATqp8SFCkVmwTODcymSMhUA9h:Yo3Mmux4ThSV4cyhIUu
Score

10^/10

amadey 9a3efc trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadey9a3efctrojan

behavioral2

amadey9a3efctrojan