amadey | ee2731de800af9a7a62205def72321117e7b011343c7a3474ca348e7c2f37c3d | Triage

Sharing

General

Target

123cdee8a31e52577191351fae7b53ef.bin
Size

271KB
Sample

241213-bdff5svpar
MD5

3f4e1247dae57a2771dfa7a5e03f13ab
SHA1

5cafdc8b2ef7cdde69874844993d447941af5f59
SHA256

ee2731de800af9a7a62205def72321117e7b011343c7a3474ca348e7c2f37c3d
SHA512

1303bb8a04165d77a8fdf4f34e3b2bf10eb836afbb7e70c211a40f98a35a765b276cfeecd382ebb55ad6fae119fc650fe9a6bbddb846e56cfc804f27ec1c0661
SSDEEP

6144:79x56PLgmcxMbJHOqvNjTm8OY7PHX4rZk2WagZWnCeYW2rXvLRj+le:BxyLgmcxMb9OoNjDf7/X4VkjayJ9rXvv

Score

10^/10

amadey 1cc3fe discovery execution trojan

Malware Config

Extracted

Family

amadey

Version

4.18

Botnet

1cc3fe

C2

http://vitantgroup.com

Attributes

install_dir
431a343abc
install_file
Dctooux.exe
strings_key
5a2387e2bfef84adb686c856b4155237
url_paths
/xmlrpc.php

rc4.plain

Targets

- Target
  
  d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e.ps1
- Size
  
  583KB
- MD5
  
  123cdee8a31e52577191351fae7b53ef
- SHA1
  
  e8e645d8844b9a19012238be6ab2c4149d62f1cf
- SHA256
  
  d7e528b55b2eeb6786509664a70f641f14d0c13ceec539737eef26857355536e
- SHA512
  
  3ff792ced5090f68b7d6004213a9e6c653b42bcf5f10416b3b0cccf1a31516d5e737705d9826d21c8c84f240fc34726c76c60ec5fc8994f30a8e81839bee913a
- SSDEEP
  
  12288:kl6RA0zJb58097MFZ0sjlTONreknQV8Xie/0+4NW:kYRASw90sjtONrQV984NW
Score

10^/10

execution amadey 1cc3fe discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadey1cc3fediscoveryexecutiontrojan