amadey | 1f9980ee029eb87e05f115dbe2e1f369173558817085df0e36976b25478dfa05 | Triage

Sharing

General

Target

5020-3-0x0000000000B00000-0x0000000000FBA000-memory.dmp
Size

4.7MB
Sample

241122-vcsjvstrez
MD5

789795016d29e848ae166249544053a6
SHA1

62c52635c2de643b645102d83d65e10f5cedb09b
SHA256

1f9980ee029eb87e05f115dbe2e1f369173558817085df0e36976b25478dfa05
SHA512

fb702d3a384ad6adc85ba4d55089ae6db7f0923d28764fcba1743fb0a002e477f2c4859299d8d7d9ec02a2f69d3cda3119a7bc6e0aec98993ef6cfef8b9d6ec3
SSDEEP

98304:yBiMiWLiKYQz/bw4b0M5e1I85VcSPVD5Hmaf++psONE:y3LRLw4bN2IMDPV9GNj

Score

10^/10

amadey 4dd39d trojan

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes

install_dir
ad40971b6b
install_file
explorti.exe
strings_key
a434973ad22def7137dbb5e059b7081e
url_paths
/Hun4Ko/index.php

rc4.plain

Targets

- Target
  
  5020-3-0x0000000000B00000-0x0000000000FBA000-memory.dmp
- Size
  
  4.7MB
- MD5
  
  789795016d29e848ae166249544053a6
- SHA1
  
  62c52635c2de643b645102d83d65e10f5cedb09b
- SHA256
  
  1f9980ee029eb87e05f115dbe2e1f369173558817085df0e36976b25478dfa05
- SHA512
  
  fb702d3a384ad6adc85ba4d55089ae6db7f0923d28764fcba1743fb0a002e477f2c4859299d8d7d9ec02a2f69d3cda3119a7bc6e0aec98993ef6cfef8b9d6ec3
- SSDEEP
  
  98304:yBiMiWLiKYQz/bw4b0M5e1I85VcSPVD5Hmaf++psONE:y3LRLw4bN2IMDPV9GNj
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2