amadey | 72ec99b49bae842f781c5e4af28e294c5a7a627a2041ad012de41c2cd2fea9b7 | Triage

Sharing

General

Target

2128-3-0x0000000000980000-0x0000000000E41000-memory.dmp
Size

4.8MB
Sample

241210-s8vmzstrgm
MD5

57eb324055445cfcbc10c208699730db
SHA1

70246ab3d89df047ba0654e80b0c662cbe691f21
SHA256

72ec99b49bae842f781c5e4af28e294c5a7a627a2041ad012de41c2cd2fea9b7
SHA512

3ee23a8ec3eb672848c9639d9507dbf2c1ca27e716cbff11262a5ef4142ad238675effcaac6ba18beb4f8e07e31209fe2d793736d4799d35e617cafe9ad2b3bd
SSDEEP

98304:0GO9TlaprGTtjdZwF41hW+TB9WLiZbvsjjiFZJU:0xt841hLoiZb/F/

Score

10^/10

amadey fed3aa trojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes

install_dir
44111dbc49
install_file
axplong.exe
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
url_paths
/Jo89Ku7d/index.php

rc4.plain

Targets

- Target
  
  2128-3-0x0000000000980000-0x0000000000E41000-memory.dmp
- Size
  
  4.8MB
- MD5
  
  57eb324055445cfcbc10c208699730db
- SHA1
  
  70246ab3d89df047ba0654e80b0c662cbe691f21
- SHA256
  
  72ec99b49bae842f781c5e4af28e294c5a7a627a2041ad012de41c2cd2fea9b7
- SHA512
  
  3ee23a8ec3eb672848c9639d9507dbf2c1ca27e716cbff11262a5ef4142ad238675effcaac6ba18beb4f8e07e31209fe2d793736d4799d35e617cafe9ad2b3bd
- SSDEEP
  
  98304:0GO9TlaprGTtjdZwF41hW+TB9WLiZbvsjjiFZJU:0xt841hLoiZb/F/
Score

10^/10

amadey trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2