amadey | fb7293cace4d978b86a0057ba90270b76b1ac2a4138de62f04124e3629ec696e | Triage

Sharing

General

Target

setup.exe
Size

486KB
Sample

240620-qp3s5stgpj
MD5

319d536f9299bf92b5d97150caed8fec
SHA1

b1e3514d557de62a2ea5460890cf36db62524c1c
SHA256

fb7293cace4d978b86a0057ba90270b76b1ac2a4138de62f04124e3629ec696e
SHA512

bc880c0d91d604bd122cbda12d2e248a15b41ff6900c7a760b851922beab02eaecce5fa70eb3fc13bd0ced30ddf158a9a534e6782d26ebf374e39624928a4f1a
SSDEEP

6144:pQ5Laikgzk7ztGAlAFor21ycKPRiLQQG3wD2pnhaDzB2r+Wo:yeikgw7zfQj6ocWzBHW

Score

10^/10

amadey 9a3efc trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes

install_dir
b9695770f1
install_file
Dctooux.exe
strings_key
1d3a0f2941c4060dba7f23a378474944
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  setup.exe
- Size
  
  486KB
- MD5
  
  319d536f9299bf92b5d97150caed8fec
- SHA1
  
  b1e3514d557de62a2ea5460890cf36db62524c1c
- SHA256
  
  fb7293cace4d978b86a0057ba90270b76b1ac2a4138de62f04124e3629ec696e
- SHA512
  
  bc880c0d91d604bd122cbda12d2e248a15b41ff6900c7a760b851922beab02eaecce5fa70eb3fc13bd0ced30ddf158a9a534e6782d26ebf374e39624928a4f1a
- SSDEEP
  
  6144:pQ5Laikgzk7ztGAlAFor21ycKPRiLQQG3wD2pnhaDzB2r+Wo:yeikgw7zfQj6ocWzBHW
Score

10^/10

amadey 9a3efc trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadey9a3efctrojan

behavioral2

amadey9a3efctrojan