amadey | e5d6aca73dcd5e78e03528a6ef3fc6b1de83e95f1f0be16f55562a70c7dc4038 | Triage

Sharing

General

Target

e5d6aca73dcd5e78e03528a6ef3fc6b1de83e95f1f0be16f55562a70c7dc4038
Size

486KB
Sample

240620-z4t9zsxdqa
MD5

2c65316085af17f5bb7f82bfe4a1dde4
SHA1

cf419a94634e373fac642105bbcb8d5d2c032e48
SHA256

e5d6aca73dcd5e78e03528a6ef3fc6b1de83e95f1f0be16f55562a70c7dc4038
SHA512

c7dc683d254bfe15c71e56e575f131db0f8dc571202dd19dbdab583d8041b02d7edc4baf5e8c90582dfa790ddfe505e6a66deddb78a64cc66fc48f696e3b4235
SSDEEP

12288:bmlDvIrrgbZHuZWU5fTGCoLO6MK4cidSoDo:QvIrr+nUF8ORPd

Score

10^/10

amadey b2c2c1 trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

b2c2c1

C2

http://greendag.ru

Attributes

install_dir
e221f72865
install_file
Dctooux.exe
strings_key
09a7af7983af08af50ea3f51a73065e9
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  e5d6aca73dcd5e78e03528a6ef3fc6b1de83e95f1f0be16f55562a70c7dc4038
- Size
  
  486KB
- MD5
  
  2c65316085af17f5bb7f82bfe4a1dde4
- SHA1
  
  cf419a94634e373fac642105bbcb8d5d2c032e48
- SHA256
  
  e5d6aca73dcd5e78e03528a6ef3fc6b1de83e95f1f0be16f55562a70c7dc4038
- SHA512
  
  c7dc683d254bfe15c71e56e575f131db0f8dc571202dd19dbdab583d8041b02d7edc4baf5e8c90582dfa790ddfe505e6a66deddb78a64cc66fc48f696e3b4235
- SSDEEP
  
  12288:bmlDvIrrgbZHuZWU5fTGCoLO6MK4cidSoDo:QvIrr+nUF8ORPd
Score

10^/10

amadey b2c2c1 trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadeyb2c2c1trojan

behavioral2

amadeyb2c2c1trojan