amadey | d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e | Triage

Sharing

General

Target

d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e.ps1
Size

583KB
Sample

241212-danpfsxqhs
MD5

123cdee8a31e52577191351fae7b53ef
SHA1

e8e645d8844b9a19012238be6ab2c4149d62f1cf
SHA256

d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e
SHA512

3ff792ced5090f68b7d6004213a9e6c653b42bcf5f10416b3b0cccf1a31516d5e737705d9826d21c8c84f240fc34726c76c60ec5fc8994f30a8e81839bee913a
SSDEEP

12288:kl6RA0zJb58097MFZ0sjlTONreknQV8Xie/0+4NW:kYRASw90sjtONrQV984NW

Score

10^/10

amadey 1cc3fe discovery execution trojan

Malware Config

Extracted

Family

amadey

Version

4.18

Botnet

1cc3fe

C2

http://vitantgroup.com

Attributes

install_dir
431a343abc
install_file
Dctooux.exe
strings_key
5a2387e2bfef84adb686c856b4155237
url_paths
/xmlrpc.php

rc4.plain

Targets

- Target
  
  d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e.ps1
- Size
  
  583KB
- MD5
  
  123cdee8a31e52577191351fae7b53ef
- SHA1
  
  e8e645d8844b9a19012238be6ab2c4149d62f1cf
- SHA256
  
  d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e
- SHA512
  
  3ff792ced5090f68b7d6004213a9e6c653b42bcf5f10416b3b0cccf1a31516d5e737705d9826d21c8c84f240fc34726c76c60ec5fc8994f30a8e81839bee913a
- SSDEEP
  
  12288:kl6RA0zJb58097MFZ0sjlTONreknQV8Xie/0+4NW:kYRASw90sjtONrQV984NW
Score

10^/10

execution amadey 1cc3fe discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadey1cc3fediscoveryexecutiontrojan