amadey | d6e4603de9838d087ff76be5e73c512cdc87e5ca5c6edab3377865fe015bdd53 | Triage

Sharing

General

Target

d6e4603de9838d087ff76be5e73c512cdc87e5ca5c6edab3377865fe015bdd53
Size

205KB
Sample

241121-k2qrfszfqd
MD5

53abd18470691dd086debd4e57af2ca7
SHA1

7436658257572f42c7401d84c4a37b1075b88d70
SHA256

d6e4603de9838d087ff76be5e73c512cdc87e5ca5c6edab3377865fe015bdd53
SHA512

58491d03512b7555f8c5fdedc7880fe8fddc18e4a7a96fbbf28a192b6f91042910b74356073bc46db51cbf51d5f3bd66a57cc92badecd4dea39d8f1bdff99fe4
SSDEEP

3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk

Score

10^/10

amadey 9c0adb discovery trojan

Malware Config

Extracted

Family

amadey

Version

3.80

Botnet

9c0adb

C2

http://193.3.19.154

Attributes

install_dir
cb7ae701b3
install_file
oneetx.exe
strings_key
23b27c80db2465a8e1dc15491b69b82f
url_paths
/store/games/index.php

rc4.plain

Targets

- Target
  
  d6e4603de9838d087ff76be5e73c512cdc87e5ca5c6edab3377865fe015bdd53
- Size
  
  205KB
- MD5
  
  53abd18470691dd086debd4e57af2ca7
- SHA1
  
  7436658257572f42c7401d84c4a37b1075b88d70
- SHA256
  
  d6e4603de9838d087ff76be5e73c512cdc87e5ca5c6edab3377865fe015bdd53
- SHA512
  
  58491d03512b7555f8c5fdedc7880fe8fddc18e4a7a96fbbf28a192b6f91042910b74356073bc46db51cbf51d5f3bd66a57cc92badecd4dea39d8f1bdff99fe4
- SSDEEP
  
  3072:c/frTDzurT1S3CzpdmnATE55zjExkKGruONMvhu5QTXzeJX2vkMfSDPwU:Wfrnzurs3Czpexj2kGOIu5QTyJMKk
Score

10^/10

amadey 9c0adb discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey9c0adbdiscoverytrojan

behavioral2