amadey | b48b6b38768b5e6003b7c9412f3aeeb0bf74126f01e356691b7508c13a1b7e68 | Triage

Sharing

General

Target

b (1).cod
Size

67KB
Sample

240909-th2t2syhqd
MD5

efdae93cb31dc54c3d87779cd4492a66
SHA1

28e7c6c449170c4f64b660dfa83049e34cea5c06
SHA256

b48b6b38768b5e6003b7c9412f3aeeb0bf74126f01e356691b7508c13a1b7e68
SHA512

8192f1eb0b3147fb6f01b369c9d67904c0a19168a512d8f6414822cdaa2da01ec322d7c8e3a105e897fb33c0150e195f1e2584c31ce84aa7a367d50454f9c091
SSDEEP

1536:KSe9JyrL3EZo/3mgZgqS2P/kPERYSGZ9hJbqbo+UKfy5R9q4sIhuS7:s9JMLTy5jq0h97

Score

10^/10

amadey discovery execution trojan

Malware Config

Targets

- Target
  
  b (1).cod
- Size
  
  67KB
- MD5
  
  efdae93cb31dc54c3d87779cd4492a66
- SHA1
  
  28e7c6c449170c4f64b660dfa83049e34cea5c06
- SHA256
  
  b48b6b38768b5e6003b7c9412f3aeeb0bf74126f01e356691b7508c13a1b7e68
- SHA512
  
  8192f1eb0b3147fb6f01b369c9d67904c0a19168a512d8f6414822cdaa2da01ec322d7c8e3a105e897fb33c0150e195f1e2584c31ce84aa7a367d50454f9c091
- SSDEEP
  
  1536:KSe9JyrL3EZo/3mgZgqS2P/kPERYSGZ9hJbqbo+UKfy5R9q4sIhuS7:s9JMLTy5jq0h97
Score

10^/10

discovery execution amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

amadeydiscoveryexecutiontrojan