amadey | 733c6bc982f3e286bc4999b8d2e2671ee88a73558b2a01445e1e8505d3d7c922 | Triage

Sharing

General

Target

733c6bc982f3e286bc4999b8d2e2671ee88a73558b2a01445e1e8505d3d7c922
Size

402KB
Sample

240621-fwfbbasgnk
MD5

f00fd453b110d8dfdc6907cf2e0e35e3
SHA1

b295fa6b39e24c40d8040bd33f80fa80d095999b
SHA256

733c6bc982f3e286bc4999b8d2e2671ee88a73558b2a01445e1e8505d3d7c922
SHA512

08092f3bdb0b19289f6f61f67f66d3cd35b9ebfeea8439f306c17670021186af8c9cfa76b6f376458c9bf6cc385b2a9e52d55e3d0ad20ce2ac60e1f19ab10721
SSDEEP

6144:jL9f8EQ+kyI+/1NjZnle7fk7uI4S96g//:yE2sRl7uI9H

Score

10^/10

amadey 9a3efc trojan

Malware Config

Extracted

Family

amadey

Version

4.21

Botnet

9a3efc

C2

http://check-ftp.ru

Attributes

install_dir
b9695770f1
install_file
Dctooux.exe
strings_key
1d3a0f2941c4060dba7f23a378474944
url_paths
/forum/index.php

rc4.plain

Targets

- Target
  
  733c6bc982f3e286bc4999b8d2e2671ee88a73558b2a01445e1e8505d3d7c922
- Size
  
  402KB
- MD5
  
  f00fd453b110d8dfdc6907cf2e0e35e3
- SHA1
  
  b295fa6b39e24c40d8040bd33f80fa80d095999b
- SHA256
  
  733c6bc982f3e286bc4999b8d2e2671ee88a73558b2a01445e1e8505d3d7c922
- SHA512
  
  08092f3bdb0b19289f6f61f67f66d3cd35b9ebfeea8439f306c17670021186af8c9cfa76b6f376458c9bf6cc385b2a9e52d55e3d0ad20ce2ac60e1f19ab10721
- SSDEEP
  
  6144:jL9f8EQ+kyI+/1NjZnle7fk7uI4S96g//:yE2sRl7uI9H
Score

10^/10

amadey 9a3efc trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

amadey9a3efctrojan

behavioral2

amadey9a3efctrojan