amadey | 3c4771adf010c9b5e421647a45ece45543db0beff94789b2c02509e32342b67a | Triage

Sharing

General

Target

3c4771adf010c9b5e421647a45ece45543db0beff94789b2c02509e32342b67a
Size

277KB
Sample

241121-2znbzszlgw
MD5

ed172e4e544b1069ca4afd64285180eb
SHA1

3066de9545d6dce148883ffd58101e8adaeaac03
SHA256

3c4771adf010c9b5e421647a45ece45543db0beff94789b2c02509e32342b67a
SHA512

3e1976d209d14337eb6b46ddf64e92b7c70b4c7aa16293e8122b6c5f602b07601af63d566b3b17526aece4d243f829475524462feddd4c203b05b00f0157205c
SSDEEP

3072:cSajbT5EbvRFGom1OHmU5k0oYaYmvuLhyK535irPFhZOpV:lajbTqGnmJ5k0oYfBLhJ5cYp

Score

10^/10

amadey 9c0adb discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.80

Botnet

9c0adb

C2

http://193.3.19.154

Attributes

install_dir
cb7ae701b3
install_file
oneetx.exe
strings_key
23b27c80db2465a8e1dc15491b69b82f
url_paths
/store/games/index.php

rc4.plain

Targets

- Target
  
  3c4771adf010c9b5e421647a45ece45543db0beff94789b2c02509e32342b67a
- Size
  
  277KB
- MD5
  
  ed172e4e544b1069ca4afd64285180eb
- SHA1
  
  3066de9545d6dce148883ffd58101e8adaeaac03
- SHA256
  
  3c4771adf010c9b5e421647a45ece45543db0beff94789b2c02509e32342b67a
- SHA512
  
  3e1976d209d14337eb6b46ddf64e92b7c70b4c7aa16293e8122b6c5f602b07601af63d566b3b17526aece4d243f829475524462feddd4c203b05b00f0157205c
- SSDEEP
  
  3072:cSajbT5EbvRFGom1OHmU5k0oYaYmvuLhyK535irPFhZOpV:lajbTqGnmJ5k0oYfBLhJ5cYp
Score

10^/10

amadey 9c0adb discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey9c0adbdiscoverytrojan

behavioral2

amadey9c0adbdiscoverytrojan