amadey | c3ebfddf9e19c430535564d03c68b2bfbc4b24591539f0f6a27f6a954bcf51cf | Triage

Sharing

General

Target

c3ebfddf9e19c430535564d03c68b2bfbc4b24591539f0f6a27f6a954bcf51cf.exe
Size

1.0MB
Sample

241118-damr6axarp
MD5

0ef38dbc5d7d1d22974c3d4d3a201467
SHA1

60217cdeee89ba6129b367ef7b17f113438d86b9
SHA256

c3ebfddf9e19c430535564d03c68b2bfbc4b24591539f0f6a27f6a954bcf51cf
SHA512

cba0a9bebb9215d901ffb306f402a83b7fa03da5deed4bd45a326b440b026cab9bcf4f30bb02cf485bc427bbb9077aa56ce516e9d03916eb0c9c9b42bd6eca2c
SSDEEP

12288:RUaYxiov1kJQaAdVWlbQeep6tgUDs3thCa9abuLNihYS0UvHZrm:RUaLoNbHI9465YthCag+shGM

Score

10^/10

amadey 98844c discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.70

Botnet

98844c

C2

http://79.137.203.19

Attributes

install_dir
aee1d75f06
install_file
oneetx.exe
strings_key
702c2e1ea76ddd4af8e80d8cf9ace72f
url_paths
/7hgd5fx4/index.php

rc4.plain

Targets

- Target
  
  c3ebfddf9e19c430535564d03c68b2bfbc4b24591539f0f6a27f6a954bcf51cf.exe
- Size
  
  1.0MB
- MD5
  
  0ef38dbc5d7d1d22974c3d4d3a201467
- SHA1
  
  60217cdeee89ba6129b367ef7b17f113438d86b9
- SHA256
  
  c3ebfddf9e19c430535564d03c68b2bfbc4b24591539f0f6a27f6a954bcf51cf
- SHA512
  
  cba0a9bebb9215d901ffb306f402a83b7fa03da5deed4bd45a326b440b026cab9bcf4f30bb02cf485bc427bbb9077aa56ce516e9d03916eb0c9c9b42bd6eca2c
- SSDEEP
  
  12288:RUaYxiov1kJQaAdVWlbQeep6tgUDs3thCa9abuLNihYS0UvHZrm:RUaLoNbHI9465YthCag+shGM
Score

10^/10

amadey 98844c discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey98844cdiscoverytrojan

behavioral2

amadey98844cdiscoverytrojan