amadey | 745354b83c0081fe8a70583478f93b80dc55e543524d6522178216232523f271 | Triage

Sharing

General

Target

745354b83c0081fe8a70583478f93b80dc55e543524d6522178216232523f271.exe
Size

3.1MB
Sample

241126-l8wrqasrhr
MD5

5a3bf4c0bee4f0b822a9a09cb6973b83
SHA1

1b64d35be0a636b091394f82f34bd37c19bd3469
SHA256

745354b83c0081fe8a70583478f93b80dc55e543524d6522178216232523f271
SHA512

c9ee77542b2a84c0ac49040da0d0e90de6dd5f85301b6e21ea7081b2207dcf6c96fd73e02e00764356349cc2f9918ef20e5b26aae60f6671dc4f7bd184180440
SSDEEP

49152:xLIqLmasYiBRc3CLVJoy1gtsEFUYLKPl3Edi:ZIqLmas/Be3aJ3PytLKPGs

Score

10^/10

amadey 9c9aa5 discovery trojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes

install_dir
abc3bc1985
install_file
skotes.exe
strings_key
8a35cf2ea38c2817dba29a4b5b25dcf0
url_paths
/Zu7JuNko/index.php

rc4.plain

Targets

- Target
  
  745354b83c0081fe8a70583478f93b80dc55e543524d6522178216232523f271.exe
- Size
  
  3.1MB
- MD5
  
  5a3bf4c0bee4f0b822a9a09cb6973b83
- SHA1
  
  1b64d35be0a636b091394f82f34bd37c19bd3469
- SHA256
  
  745354b83c0081fe8a70583478f93b80dc55e543524d6522178216232523f271
- SHA512
  
  c9ee77542b2a84c0ac49040da0d0e90de6dd5f85301b6e21ea7081b2207dcf6c96fd73e02e00764356349cc2f9918ef20e5b26aae60f6671dc4f7bd184180440
- SSDEEP
  
  49152:xLIqLmasYiBRc3CLVJoy1gtsEFUYLKPl3Edi:ZIqLmas/Be3aJ3PytLKPGs
Score

10^/10

amadey discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoverytrojan

behavioral2

amadeydiscoverytrojan