amadey | acb502bc652a6dc0bbb43101e5ed6f80b87c52f602514d90e5ced5c58bc46718 | Triage

Sharing

General

Target

acb502bc652a6dc0bbb43101e5ed6f80b87c52f602514d90e5ced5c58bc46718N.exe
Size

3.0MB
Sample

241124-e6exvstrbs
MD5

e8f71f57afcf4e4c4d1a70daed074690
SHA1

71b053b6f19818cd0e800099528a121f880c8922
SHA256

acb502bc652a6dc0bbb43101e5ed6f80b87c52f602514d90e5ced5c58bc46718
SHA512

36f8ed3d73267eb6b2a05fe225af5d539419a7432d2ab340fc4d7dda41fee30a78c1cb54c74b88e6c630a4f5dc028194f712c8ea92cfe03d8196b778590cdf64
SSDEEP

49152:vZfAZAt2pf1uvhB36qrIOPmjWKEe1xUDDk5W7Ou:RfAZAt2pf1uvhB368IOvKDxADc

Score

10^/10

amadey 9c9aa5 discovery trojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes

install_dir
abc3bc1985
install_file
skotes.exe
strings_key
8a35cf2ea38c2817dba29a4b5b25dcf0
url_paths
/Zu7JuNko/index.php

rc4.plain

Targets

- Target
  
  acb502bc652a6dc0bbb43101e5ed6f80b87c52f602514d90e5ced5c58bc46718N.exe
- Size
  
  3.0MB
- MD5
  
  e8f71f57afcf4e4c4d1a70daed074690
- SHA1
  
  71b053b6f19818cd0e800099528a121f880c8922
- SHA256
  
  acb502bc652a6dc0bbb43101e5ed6f80b87c52f602514d90e5ced5c58bc46718
- SHA512
  
  36f8ed3d73267eb6b2a05fe225af5d539419a7432d2ab340fc4d7dda41fee30a78c1cb54c74b88e6c630a4f5dc028194f712c8ea92cfe03d8196b778590cdf64
- SSDEEP
  
  49152:vZfAZAt2pf1uvhB36qrIOPmjWKEe1xUDDk5W7Ou:RfAZAt2pf1uvhB368IOvKDxADc
Score

10^/10

amadey discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoverytrojan

behavioral2

amadeydiscoverytrojan