amadey | d66b27fe72fe7bfd9a3c70addf43e29dbbe61364949fa55354d0753a3c7be430 | Triage

Sharing

General

Target

d66b27fe72fe7bfd9a3c70addf43e29dbbe61364949fa55354d0753a3c7be430N.exe
Size

3.1MB
Sample

241124-vpkd1swmdq
MD5

ecd5fa43d326516b5a9e5ac2c371f7c0
SHA1

dc99a0d33ceacc031806a9de2a9871361e6650aa
SHA256

d66b27fe72fe7bfd9a3c70addf43e29dbbe61364949fa55354d0753a3c7be430
SHA512

80532e7d35de815e47b17fb255f55b128be15d69cb2ea6300d43f2f8e79de1ee6a48553d460046947c5d8074d521f9865fee24f859828dbdc21d276907f96897
SSDEEP

49152:xLIqLmasYiBRc3CLVJoy1gtsEFUYLKPl3Ed:ZIqLmas/Be3aJ3PytLKPG

Score

10^/10

amadey 9c9aa5 discovery trojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes

install_dir
abc3bc1985
install_file
skotes.exe
strings_key
8a35cf2ea38c2817dba29a4b5b25dcf0
url_paths
/Zu7JuNko/index.php

rc4.plain

Targets

- Target
  
  d66b27fe72fe7bfd9a3c70addf43e29dbbe61364949fa55354d0753a3c7be430N.exe
- Size
  
  3.1MB
- MD5
  
  ecd5fa43d326516b5a9e5ac2c371f7c0
- SHA1
  
  dc99a0d33ceacc031806a9de2a9871361e6650aa
- SHA256
  
  d66b27fe72fe7bfd9a3c70addf43e29dbbe61364949fa55354d0753a3c7be430
- SHA512
  
  80532e7d35de815e47b17fb255f55b128be15d69cb2ea6300d43f2f8e79de1ee6a48553d460046947c5d8074d521f9865fee24f859828dbdc21d276907f96897
- SSDEEP
  
  49152:xLIqLmasYiBRc3CLVJoy1gtsEFUYLKPl3Ed:ZIqLmas/Be3aJ3PytLKPG
Score

10^/10

amadey discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoverytrojan

behavioral2

amadeydiscoverytrojan