amadey | 2e37982832a976383db3a0e94fa3401d6b4af21ddcc662f3d75fb4be87c56227 | Triage

Sharing

General

Target

2e37982832a976383db3a0e94fa3401d6b4af21ddcc662f3d75fb4be87c56227N.exe
Size

215KB
Sample

241117-y5e11sxfpg
MD5

30f94d2af05b3aad89c7bd198e83ae10
SHA1

89040c52efbb8a13d6205d574a8d57c41ceba912
SHA256

2e37982832a976383db3a0e94fa3401d6b4af21ddcc662f3d75fb4be87c56227
SHA512

7de6fe32c17b4bf2b8141346ba7d73dbb7a285283ae42f607622a5de32601b78c90871f717424d4744b9c387fd115d50aac546652342060f56aced0eb41a6b54
SSDEEP

3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq

Score

10^/10

amadey f9a925 discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.81

Botnet

f9a925

C2

http://77.91.124.20

Attributes

install_dir
c3912af058
install_file
oneetx.exe
strings_key
0504ce46646b0dc397a3c30d6692ec75
url_paths
/store/games/index.php

rc4.plain

Targets

- Target
  
  2e37982832a976383db3a0e94fa3401d6b4af21ddcc662f3d75fb4be87c56227N.exe
- Size
  
  215KB
- MD5
  
  30f94d2af05b3aad89c7bd198e83ae10
- SHA1
  
  89040c52efbb8a13d6205d574a8d57c41ceba912
- SHA256
  
  2e37982832a976383db3a0e94fa3401d6b4af21ddcc662f3d75fb4be87c56227
- SHA512
  
  7de6fe32c17b4bf2b8141346ba7d73dbb7a285283ae42f607622a5de32601b78c90871f717424d4744b9c387fd115d50aac546652342060f56aced0eb41a6b54
- SSDEEP
  
  3072:mhMCsw9/w+A4cwP+5OzutpHKGruONM4QuZA+67bi83eILfbq5kmh:5Cswq+AXYu7HGOSuZAlAILjq
Score

10^/10

amadey f9a925 discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeyf9a925discoverytrojan

behavioral2