amadey

General

Target

fbf54cdbc5ee913a632567a80d1468822599d9a608c6e14eb0b2ffad0247f8fb
Size

9.0MB
Sample

241118-m8nlsavnay
MD5

12e8f6cd7924fdf8d5557c2f2e4cd3e4
SHA1

c9d25c9007480dcdc7dc49b519dd2f61c5a5b22a
SHA256

fbf54cdbc5ee913a632567a80d1468822599d9a608c6e14eb0b2ffad0247f8fb
SHA512

31b322f3f18892831ba1c24dd0eccefbc84daa7894749cf6bb1ba06558cc7f8ae248744fa0e0946beb56eb34048f6d34a1fb9ceedb9d5ea00e2ff796e6249cc0
SSDEEP

196608:NA/TcGrPnA36xgX6OtTJ/jKcoL7P50dkmkjk9hhWZovwMJ+2t:Nuc70yiJFC1oMht

Score

10^/10

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

c15c21

C2

http://45.93.20.135

Attributes

install_dir
12a728aeec
install_file
Gxtuum.exe
strings_key
5f9278bece2d0777966f092ec032e601
url_paths
/5nDshOg3cwA/index.php

rc4.plain

Targets

- Target
  
  fbf54cdbc5ee913a632567a80d1468822599d9a608c6e14eb0b2ffad0247f8fb
- Size
  
  9.0MB
- MD5
  
  12e8f6cd7924fdf8d5557c2f2e4cd3e4
- SHA1
  
  c9d25c9007480dcdc7dc49b519dd2f61c5a5b22a
- SHA256
  
  fbf54cdbc5ee913a632567a80d1468822599d9a608c6e14eb0b2ffad0247f8fb
- SHA512
  
  31b322f3f18892831ba1c24dd0eccefbc84daa7894749cf6bb1ba06558cc7f8ae248744fa0e0946beb56eb34048f6d34a1fb9ceedb9d5ea00e2ff796e6249cc0
- SSDEEP
  
  196608:NA/TcGrPnA36xgX6OtTJ/jKcoL7P50dkmkjk9hhWZovwMJ+2t:Nuc70yiJFC1oMht
Score

10^/10

amadey c15c21 discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Amadey family

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2