amadey | be64ff756b067caa0e75330b7c3eda14ac836952bf892424a3688bd3cc546d19 | Triage

Sharing

General

Target

0ab81cf469e686dd487e750c15691b25.exe
Size

12.2MB
Sample

241216-rwvlsaspdx
MD5

0ab81cf469e686dd487e750c15691b25
SHA1

0a9fad134e266ac396ebe51dbcffcc0fbbb9bcd1
SHA256

be64ff756b067caa0e75330b7c3eda14ac836952bf892424a3688bd3cc546d19
SHA512

62564259efcad1ab33372682ea1ebb8a1dbc97c460280f36ecd88f8455f59938af1b635976c0cdcd43fe15fa1e14fae7f0f792bd00ea212ccb0f181bf114913d
SSDEEP

393216:rKx81sE0EZgkLKNihH+MUoczZPmnTK0YfJW6HKDaFuK0qIxewx3kowTnUKlL70KA:3qcvYfsBtUwx3kowTdL70KfdAtIexX

Score

10^/10

amadey 9c88c6 discovery trojan

Malware Config

Extracted

Family

amadey

Version

5.04

Botnet

9c88c6

Attributes

install_dir
c0461fd49a
install_file
Gxtuum.exe
strings_key
1b8c0142f1804d4531696e70270c2eee
url_paths
/pLQvfD4d5/index.php

rc4.plain

Targets

- Target
  
  0ab81cf469e686dd487e750c15691b25.exe
- Size
  
  12.2MB
- MD5
  
  0ab81cf469e686dd487e750c15691b25
- SHA1
  
  0a9fad134e266ac396ebe51dbcffcc0fbbb9bcd1
- SHA256
  
  be64ff756b067caa0e75330b7c3eda14ac836952bf892424a3688bd3cc546d19
- SHA512
  
  62564259efcad1ab33372682ea1ebb8a1dbc97c460280f36ecd88f8455f59938af1b635976c0cdcd43fe15fa1e14fae7f0f792bd00ea212ccb0f181bf114913d
- SSDEEP
  
  393216:rKx81sE0EZgkLKNihH+MUoczZPmnTK0YfJW6HKDaFuK0qIxewx3kowTnUKlL70KA:3qcvYfsBtUwx3kowTdL70KfdAtIexX
Score

10^/10

amadey 9c88c6 discovery trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Amadey family
  amadey
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadey9c88c6discoverytrojan

behavioral2

amadey9c88c6discoverytrojan