amadey | 4ae196c51c70c762f9cbf250af00414f93e8ccea2337a7595d5307a474858812 | Triage

Sharing

General

Target

22ef0ec1302427d5b197b30e545d0400.exe
Size

16.4MB
Sample

241216-rtkzkasngs
MD5

22ef0ec1302427d5b197b30e545d0400
SHA1

bc6b6278e436c56311bacc5e4476e5d4bab00692
SHA256

4ae196c51c70c762f9cbf250af00414f93e8ccea2337a7595d5307a474858812
SHA512

27e97250d50f8b31fcb5552826655bed92cc3a5f8334710fbb905b5a3f21dfc8e6c7e3202fa3982a21544247711fbc1f361224bb42fad28c91cf362df502c6d0
SSDEEP

393216:vMFPfYHcbXui8nRMeW3PBNEbdAgKvd5txx:vLLn5AgKvxX

Score

10^/10

amadey 0b0f72 discovery trojan

Malware Config

Extracted

Family

amadey

Version

5.03

Botnet

0b0f72

Attributes

install_dir
6442e74d50
install_file
Gxtuum.exe
strings_key
d4bd0bf3214b416527b6ec31c7facca5
url_paths
/pLQvfD4d5/index.php

rc4.plain

Targets

- Target
  
  22ef0ec1302427d5b197b30e545d0400.exe
- Size
  
  16.4MB
- MD5
  
  22ef0ec1302427d5b197b30e545d0400
- SHA1
  
  bc6b6278e436c56311bacc5e4476e5d4bab00692
- SHA256
  
  4ae196c51c70c762f9cbf250af00414f93e8ccea2337a7595d5307a474858812
- SHA512
  
  27e97250d50f8b31fcb5552826655bed92cc3a5f8334710fbb905b5a3f21dfc8e6c7e3202fa3982a21544247711fbc1f361224bb42fad28c91cf362df502c6d0
- SSDEEP
  
  393216:vMFPfYHcbXui8nRMeW3PBNEbdAgKvd5txx:vLLn5AgKvxX
Score

10^/10

discovery amadey 0b0f72 trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

amadey0b0f72discoverytrojan