amadey | 942b5b45c76d896590c0e5ff555fbd741879526ba024ef4ddd1a54f628090674 | Triage

Sharing

General

Target

942b5b45c76d896590c0e5ff555fbd741879526ba024ef4ddd1a54f628090674.exe
Size

204KB
Sample

241118-cc6sdavmcv
MD5

d11bba158cca8751ef2e95a8a555a355
SHA1

2d4ea2d13d083d1072d6715fae0089388034fb2a
SHA256

942b5b45c76d896590c0e5ff555fbd741879526ba024ef4ddd1a54f628090674
SHA512

1dc885ce46d27dd45d185ca04602fd8bffe30806d21b817862abc85e1f0634c2bab0f3a4cf1b735ca698ab26eb56627148ed1fa0af4900b19f7d76c67aaed86f
SSDEEP

3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU/:Wfrnzurs3Czpexj2kGOIu5QTyJMKkG

Score

10^/10

amadey 9c0adb discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.80

Botnet

9c0adb

C2

http://193.3.19.154

Attributes

install_dir
cb7ae701b3
install_file
oneetx.exe
strings_key
23b27c80db2465a8e1dc15491b69b82f
url_paths
/store/games/index.php

rc4.plain

Targets

- Target
  
  942b5b45c76d896590c0e5ff555fbd741879526ba024ef4ddd1a54f628090674.exe
- Size
  
  204KB
- MD5
  
  d11bba158cca8751ef2e95a8a555a355
- SHA1
  
  2d4ea2d13d083d1072d6715fae0089388034fb2a
- SHA256
  
  942b5b45c76d896590c0e5ff555fbd741879526ba024ef4ddd1a54f628090674
- SHA512
  
  1dc885ce46d27dd45d185ca04602fd8bffe30806d21b817862abc85e1f0634c2bab0f3a4cf1b735ca698ab26eb56627148ed1fa0af4900b19f7d76c67aaed86f
- SSDEEP
  
  3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU/:Wfrnzurs3Czpexj2kGOIu5QTyJMKkG
Score

10^/10

amadey 9c0adb discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey9c0adbdiscoverytrojan

behavioral2